
1 KMIP Vendor Extension Management

KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between vendors
– Items – starting with 0x54 rather than 0x42
– Enumerations – using 0x8XXXXXXX (except for Masks which are different)
– Message Extension

Tim Hudson – tjh@cryptsoft.com

2 A Vendor extension can be added as:
i. Attribute with Name and simple Item Type, e.g. the x-AttributeName
ii. Attribute with Name and Structure containing items of simple Item Type
iii. Re-purposing existing KMIP Object, e.g. adding new enumeration into CREDENTIALS and interpreting the value field differently
iv. Using Message Extension

3 Objectives
a) Client can determine if server supports a given vendor extension
b) Server can display meaningful values for vendor extensions
c) Extensions from multiple vendors should not clash

i.e. universal clients and universal servers should be technically possible to produce.

4 TTLV encoding provides a mechanism for meaningful communication of structured information. Vendor extensions should not degenerate into (unmanageable) opaque blobs.

Different contexts of usage will require different information to be passed between client and server. Vendor extensions should not degenerate into requiring point-to-point testing against each server.

5 Attributes are queried by Name but encoded by Tag Value – the mapping needs to be known.

Tag Values selected by vendors must not clash.
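
The name-to-tag problem above, shown as an added example that is not part of the original slides: Python code that walks a TTLV message, picks out items in the 0x54 extension range, and resolves them against per-vendor name-to-tag tables. The vendor identifiers, attribute names, tag assignments and message bytes are all constructed for illustration.

```python
import struct
from collections import defaultdict

STRUCTURE = 0x01  # TTLV item type whose value is nested TTLV items
def ttlv(tag, typ, value):
    """Encode one item: 3-byte tag, 1-byte type, 4-byte length, value padded to 8 bytes."""
    header = tag.to_bytes(3, "big") + bytes([typ]) + struct.pack(">I", len(value))
    return header + value + b"\0" * (-len(value) % 8)

def walk(buf):
    """Yield (tag, type, value) for every item, descending into Structures."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated TTLV header")
        tag, typ = int.from_bytes(buf[off:off + 3], "big"), buf[off + 3]
        (length,) = struct.unpack_from(">I", buf, off + 4)
        value = buf[off + 8:off + 8 + length]
        if len(value) != length:
            raise ValueError("length field exceeds buffer")
        yield tag, typ, value
        if typ == STRUCTURE:
            yield from walk(value)
        off += 8 + length + (-length % 8)  # skip padding to the 8-byte boundary

def is_extension(tag):
    return tag >> 16 == 0x54  # extension items start with 0x54, standard ones with 0x42

def clashes(registries):
    """{vendor: {name: tag}} -> {tag: {(vendor, name), ...}} for tags claimed by >1 vendor."""
    owners = defaultdict(set)
    for vendor, names in registries.items():
        for name, tag in names.items():
            owners[tag].add((vendor, name))
    return {t: o for t, o in owners.items() if len({v for v, _ in o}) > 1}

def audit(buf, registries):
    """Map each extension tag in a message to its name, 'ambiguous' or 'unknown'."""
    contested, out = clashes(registries), {}
    for tag, _, _ in walk(buf):
        if is_extension(tag):
            names = {n for r in registries.values() for n, t in r.items() if t == tag}
            out[tag] = "ambiguous" if tag in contested else (names.pop() if names else "unknown")
    return out

# Constructed sample: two hypothetical vendors both chose 0x540001 (0x07 Text String, 0x02 Integer).
REGISTRIES = {"vendor-a.example": {"x-KeyColour": 0x540001, "x-Site": 0x540002},
              "vendor-b.example": {"x-Tenant": 0x540001}}
MESSAGE = ttlv(0x420008, STRUCTURE, ttlv(0x540001, 0x07, b"blue")
               + ttlv(0x540002, 0x07, b"rack-12") + ttlv(0x540003, 0x02, b"\0\0\0\x07"))
```

For the sample message, `audit(MESSAGE, REGISTRIES)` resolves only 0x540002; 0x540001 is claimed by both vendors and 0x540003 appears in neither table, so a receiver cannot name either from the encoding alone.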

6 Solutions - Summary
1. Require registration of vendor extensions
2. Allow allocation of ranges for extensions to vendors
3. Separate extension range into “private” and “public” extensions
4. Extend QUERY operation to provide more server behaviour details
5. Add new OPERATION to return ‘schema’ information

7 Solutions
1. Require registration of vendor extensions
   - Would prevent clashing usage of Tag Values
   - KMIP TC handles initial registry of values
   - Single registry or separate documents per vendor
   - Include in profile documents
2. Allow allocation of ranges for extensions to vendors
   - Would prevent clashing usage of Tag Values
   - Does not allow for interoperability – still requires vendor-to-vendor coordination

8 Solutions
3. Separate extension range into “private” and “public” extensions
   - Make it clear when extensions are not meant to be interoperable
4. Extend QUERY operation to provide more server behaviour details
   - Return list of supported vendor extensions
   - Return mapping from Name to Tag Value
   - Return implementation limits such as maximum length of byte-arrays and text strings, maximum number of attribute instances for multi-instance attributes, etc.
   - Can be handled as additional QUERY_FUNCTION values and fits within existing 1.0 handling.

9 Solutions
5. Add new OPERATION to return ‘schema’ information
   - Requires definition of what a ‘schema’ contains
   - Not a simple solution
   - Potential v2.0 or later item

10 Other items
6. Need to define what “uniquely identifies the vendor” means
   - DNS name? URI?
   - Vendor Identification in QUERY response payload (SPEC 4.24, line 1419)
   - Vendor Identification in MESSAGE_EXTENSION payload (SPEC 6.16, line 1637)
7. Need to add new Use Cases to match current or proposed vendor usage

11 Recommended Solution
– KMIP TC maintains registry of vendor extensions
– QUERY operation extended to support returning list of extensions supported (including Tag Value to Attribute Name mapping)
– Define Vendor Identification as a URI
– Add use cases to match current vendor usage

