OASIS Key Management Interoperability Protocol (KMIP) TC

 View Only
  • 1.  Groups - Client / Server Correlation Value uploaded

    Posted 12-16-2015 06:27
    Submitter's message This update incorporates feedback from Sue G, Bruce R, David F and Mark J. -- Anthony Berglas Document Name : Client / Server Correlation Value Description Proposal to enhance communication between the client and server. Download Latest Revision Public Download Link Submitter : Anthony Berglas Group : OASIS Key Management Interoperability Protocol (KMIP) TC Folder : Proposals Date submitted : 2015-12-15 22:26:55 Revision : 1


  • 2.  RE: [kmip] Groups - Client / Server Correlation Value uploaded

    Posted 12-16-2015 08:24
    HI Anthony,   The changes are an improvement. I don’t see a need for the ResponseCorrelation value though. If the RequestCorrelation value is present in the Request message and the related Response message, that should be sufficient to correlate the request with the response in both client and server logs. What need do you see for having both correlation values in the Response message? If the one correlation value is sufficient, then maybe it could be renamed MessageCorrelation value or something similar?   John   From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Anthony Berglas Sent: Wednesday, 16 December 2015 5:27 PM To: kmip@lists.oasis-open.org Subject: [kmip] Groups - Client / Server Correlation Value uploaded   Submitter's message This update incorporates feedback from Sue G, Bruce R, David F and Mark J. -- Anthony Berglas Document Name : Client / Server Correlation Value Description Proposal to enhance communication between the client and server. Download Latest Revision Public Download Link Submitter : Anthony Berglas Group : OASIS Key Management Interoperability Protocol (KMIP) TC Folder : Proposals Date submitted : 2015-12-15 22:26:55 Revision : 1  


  • 3.  RE: [kmip] Groups - Client / Server Correlation Value uploaded

    Posted 12-16-2015 13:13
    Hi Anthony   I do not agree that the semantics of the Unique Batch Item ID could not / should not be changed to support enhanced logging. That said, I do agree with John Leiseboer that there is no need for a Response Correlation .   Regards, … Dave     From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of John Leiseboer Sent: Wednesday, December 16, 2015 3:23 AM To: Anthony Berglas; kmip@lists.oasis-open.org Subject: RE: [kmip] Groups - Client / Server Correlation Value uploaded   HI Anthony,   The changes are an improvement. I don’t see a need for the ResponseCorrelation value though. If the RequestCorrelation value is present in the Request message and the related Response message, that should be sufficient to correlate the request with the response in both client and server logs. What need do you see for having both correlation values in the Response message? If the one correlation value is sufficient, then maybe it could be renamed MessageCorrelation value or something similar?   John   From: kmip@lists.oasis-open.org [ mailto:kmip@lists.oasis-open.org ] On Behalf Of Anthony Berglas Sent: Wednesday, 16 December 2015 5:27 PM To: kmip@lists.oasis-open.org Subject: [kmip] Groups - Client / Server Correlation Value uploaded   Submitter's message This update incorporates feedback from Sue G, Bruce R, David F and Mark J. -- Anthony Berglas Document Name : Client / Server Correlation Value Description Proposal to enhance communication between the client and server. Download Latest Revision Public Download Link Submitter : Anthony Berglas Group : OASIS Key Management Interoperability Protocol (KMIP) TC Folder : Proposals Date submitted : 2015-12-15 22:26:55 Revision : 1   The information contained in this electronic mail transmission may be privileged and confidential, and therefore, protected from disclosure. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer without copying or disclosing it.


  • 4.  Re: [kmip] Groups - Client / Server Correlation Value uploaded

    Posted 12-17-2015 21:14
    Hello John and David, The ResponseCorrelation was included for two reasons.  The first is that it might be difficult for a client to generate truly unique values and duplicate values which could easily confuse automated auditors that are processing large logs. The second reason is that the server may already have a standard way of generating log record identifiers, and it could be convenient to be able to store them explicitly in the client logs.  Those identifiers also provide evidence to the client that the server actually processed the request. Given simplicity and the low cost of including them I thought that it would be worthwhile. As to the Unique Batch Item ID, there are two problems as pointed out by Tim before.  The first is that they identify batch items, and not requests.  The second is simply that this is not how existing vendors use the IDs, which is to identify batch items within a batch when Batch Order Option has not been set true.  It is generally much better to introduce new functionality explicitly with new tags rather than subtly changing the meanings of existing tags. (Sorry for the late response) Anthony. On Wed, Dec 16, 2015 at 11:13 PM, Featherstone, David < David.Featherstone@safenet-inc.com > wrote: Hi Anthony   I do not agree that the semantics of the Unique Batch Item ID could not / should not be changed to support enhanced logging. That said, I do agree with John Leiseboer that there is no need for a Response Correlation .   Regards, … Dave     From: kmip@lists.oasis-open.org [mailto: kmip@lists.oasis-open.org ] On Behalf Of John Leiseboer Sent: Wednesday, December 16, 2015 3:23 AM To: Anthony Berglas; kmip@lists.oasis-open.org Subject: RE: [kmip] Groups - Client / Server Correlation Value uploaded   HI Anthony,   The changes are an improvement. I don’t see a need for the ResponseCorrelation value though. If the RequestCorrelation value is present in the Request message and the related Response message, that should be sufficient to correlate the request with the response in both client and server logs. What need do you see for having both correlation values in the Response message? If the one correlation value is sufficient, then maybe it could be renamed MessageCorrelation value or something similar?   John   From: kmip@lists.oasis-open.org [ mailto:kmip@lists.oasis-open.org ] On Behalf Of Anthony Berglas Sent: Wednesday, 16 December 2015 5:27 PM To: kmip@lists.oasis-open.org Subject: [kmip] Groups - Client / Server Correlation Value uploaded   Submitter's message This update incorporates feedback from Sue G, Bruce R, David F and Mark J. -- Anthony Berglas Document Name : Client / Server Correlation Value Description Proposal to enhance communication between the client and server. Download Latest Revision Public Download Link Submitter : Anthony Berglas Group : OASIS Key Management Interoperability Protocol (KMIP) TC Folder : Proposals Date submitted : 2015-12-15 22:26:55 Revision : 1   The information contained in this electronic mail transmission may be privileged and confidential, and therefore, protected from disclosure. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer without copying or disclosing it. -- Anthony Berglas Ph.D. Principal Engineer Anthony.Berglas@Cryptsoft.com


  • 5.  RE: [kmip] Groups - Client / Server Correlation Value uploaded

    Posted 12-17-2015 22:23
    Hi Anthony   I did not consider that a client might be incapable of generating a unique identifier ( and if you reiterated that point on the call, I apologize for not hearing/understanding it). Interesting from that perspective, but perhaps also unlikely? And a client of such limited capability might not be able to log the server’s response, anyway?   Cheers, … Dave       From: Anthony Berglas [mailto:anthony.berglas@cryptsoft.com] Sent: Thursday, December 17, 2015 4:14 PM To: Featherstone, David Cc: John Leiseboer; kmip@lists.oasis-open.org Subject: Re: [kmip] Groups - Client / Server Correlation Value uploaded   Hello John and David, The ResponseCorrelation was included for two reasons.  The first is that it might be difficult for a client to generate truly unique values and duplicate values which could easily confuse automated auditors that are processing large logs. The second reason is that the server may already have a standard way of generating log record identifiers, and it could be convenient to be able to store them explicitly in the client logs.  Those identifiers also provide evidence to the client that the server actually processed the request. Given simplicity and the low cost of including them I thought that it would be worthwhile. As to the Unique Batch Item ID, there are two problems as pointed out by Tim before.  The first is that they identify batch items, and not requests.  The second is simply that this is not how existing vendors use the IDs, which is to identify batch items within a batch when Batch Order Option has not been set true.  It is generally much better to introduce new functionality explicitly with new tags rather than subtly changing the meanings of existing tags. (Sorry for the late response) Anthony.   On Wed, Dec 16, 2015 at 11:13 PM, Featherstone, David < David.Featherstone@safenet-inc.com > wrote: Hi Anthony   I do not agree that the semantics of the Unique Batch Item ID could not / should not be changed to support enhanced logging. That said, I do agree with John Leiseboer that there is no need for a Response Correlation .   Regards, … Dave     From: kmip@lists.oasis-open.org [mailto: kmip@lists.oasis-open.org ] On Behalf Of John Leiseboer Sent: Wednesday, December 16, 2015 3:23 AM To: Anthony Berglas; kmip@lists.oasis-open.org Subject: RE: [kmip] Groups - Client / Server Correlation Value uploaded   HI Anthony,   The changes are an improvement. I don’t see a need for the ResponseCorrelation value though. If the RequestCorrelation value is present in the Request message and the related Response message, that should be sufficient to correlate the request with the response in both client and server logs. What need do you see for having both correlation values in the Response message? If the one correlation value is sufficient, then maybe it could be renamed MessageCorrelation value or something similar?   John   From: kmip@lists.oasis-open.org [ mailto:kmip@lists.oasis-open.org ] On Behalf Of Anthony Berglas Sent: Wednesday, 16 December 2015 5:27 PM To: kmip@lists.oasis-open.org Subject: [kmip] Groups - Client / Server Correlation Value uploaded   Submitter's message This update incorporates feedback from Sue G, Bruce R, David F and Mark J. -- Anthony Berglas Document Name : Client / Server Correlation Value Description Proposal to enhance communication between the client and server. Download Latest Revision Public Download Link Submitter : Anthony Berglas Group : OASIS Key Management Interoperability Protocol (KMIP) TC Folder : Proposals Date submitted : 2015-12-15 22:26:55 Revision : 1   The information contained in this electronic mail transmission may be privileged and confidential, and therefore, protected from disclosure. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer without copying or disclosing it. -- Anthony Berglas Ph.D. Principal Engineer Anthony.Berglas@Cryptsoft.com The information contained in this electronic mail transmission may be privileged and confidential, and therefore, protected from disclosure. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer without copying or disclosing it.