1 / 6

KMIP Template Discussion

KMIP Template Discussion. Bruce Rich Sept 12, 2012. Original Observation. GET of TEMPLATE seems underspecified The current implementations return different results…not useful Useful result would be that a conformant GET of a TEMPLATE would only return specified results.

viveka
Download Presentation

KMIP Template Discussion

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. KMIP Template Discussion Bruce Rich Sept 12, 2012

  2. Original Observation • GET of TEMPLATE seems underspecified • The current implementations return different results…not useful • Useful result would be that a conformant GET of a TEMPLATE would only return specified results

  3. Different views of TEMPLATEs • “Bag of ATTRIBUTEs” view • “Immutable body” view

  4. “Bag of ATTRIBUTEs” view • Managed Objects have ATTRIBUTEs • And nothing else • The only content are the ATTRIBUTEs mentioned in section • Some are client-settable, others are server-managed • Lifecycle is that of Managed Object • Can edit (post-registration) via AddAttribute, ModifyAttribute, DeleteAttribute • So GET should return a specified subset of its ATTRIBUTEs?

  5. “Immutable body” view • Blob at end of Register operation is the body • It’s immutable • Can AddAttribute, ModifyAttribute, DeleteAttributeother Attributes, but not “body” • So seems to have a different lifecycle • Once REGISTERed, cannot modify “body”, have to REGISTER different object to get different “body” • So GET should return the “body”?

  6. Additional observations • Register need not have any content in blob at end • Error? • Change spec? • Feature? • Two use cases supported • Register a key for management without disclosing key material to server…HSM… • Template composition, either in concert with just other templates, or in combination with inline attributes • Document use cases?

More Related