OASIS Key Management Interoperability Protocol (KMIP) TC

  • 1.  Server to Client Query

    Posted 08-21-2014 21:29
    As requested on the call today, I am sending a description of the server to client query issue that was discussed in the TC call on June 19.

    There is an asymmetry in KMIP, such that KMIP clients may use a proxy to connect to a KMIP server, where the proxy terminates the TLS connection with the server. This asymmetry does not permit a server to directly address a client sitting behind the proxy for server to client messages. Incidentally, this is also an issue for the Notify and Put operations, and could perhaps be resolved in a similar manner.

    This is not an issue in the client to server direction because:

    a. The server is the end point (as far as KMIP request messages are concerned) and we do not (yet) have the concept of a server proxy in KMIP;

    b. As the proxy is acting on behalf of clients, it can manage the pairing of requests and their responses, and map these to its end-point clients.

    There are many practical examples of this type of configuration: tape library as proxy to tape drives; disk array controller as proxy to disk drives; VM manager as proxy to VM instances; communications controller as proxy to radio receivers and transmitters; key loader as proxy to end-point encryption devices; etc.

    As expressed on the call, some TC members' products, and customers, support configurations where clients with DIFFERENT capabilities connect through a proxy. The current proposal for server to client queries assumes a one-to-one direct relationship between the server and the client. The proposal does not specify how a server can direct a query to a specific end-point client behind the proxy, or how a proxy can indicate which end-point client a query response applies to.

    I will try to describe some of the possible solutions to this in a later email. Right now, I have other work to do.
John

John Leiseboer
Chief Technology Officer
QuintessenceLabs
W: quintessencelabs.com
E: jl@quintessencelabs.com
M(AU): +61 409 487 510
M(US): +1 202 294 6825
Skype: jleiseboer
AU: 15 Denison St Deakin ACT 2601 T: +61 2 6260 4922
US: Suite 1077 Bldg 19 NASA Ames Research Park Moffett Field CA 94035 T: +1 650 870 9920
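
The asymmetry described in the post above, as an added example that is not part of the original post or of the KMIP specification: a toy Python model in which a proxy pairs responses with its end-point clients by a correlation id it issued, while a server-initiated query arrives with nothing to pair against. The class names, the `corr` field, and the `drive-A`/`drive-B` end-points are hypothetical; no KMIP wire encoding is modelled.

```python
# Added illustration: a toy model, not KMIP wire format. All names are hypothetical.
import itertools

class Server:
    """Sees exactly one peer: the TLS connection terminated by the proxy."""
    def handle(self, request):
        # A response echoes the correlation id the requester chose.
        return {"corr": request["corr"], "result": "ok:" + request["op"]}

    def query_peer(self):
        # Server-to-client query addressed to the connection; it answers no
        # earlier request and names no end-point client.
        return {"op": "Query"}

class Proxy:
    def __init__(self, server, capabilities):
        self.server = server
        self.capabilities = capabilities   # end-point name -> supported operations
        self.pending = {}                  # correlation id -> end-point name
        self._ids = itertools.count(1)

    def route_inbound(self, message):
        """Return the end-points a message from the server could be meant for."""
        corr = message.get("corr")
        if corr in self.pending:           # a response to a request we forwarded
            return [self.pending.pop(corr)]
        return sorted(self.capabilities)   # nothing to pair with: all qualify

    def forward(self, endpoint, op):
        """Client-to-server direction: pair the response with its requester."""
        corr = next(self._ids)
        self.pending[corr] = endpoint
        response = self.server.handle({"corr": corr, "op": op})
        return self.route_inbound(response)[0], response["result"]

def demo():
    # Constructed sample: two end-points with DIFFERENT capabilities.
    proxy = Proxy(Server(), {"drive-A": {"Get", "Locate"},
                             "drive-B": {"Get", "Locate", "Create", "Destroy"}})
    routed = proxy.forward("drive-B", "Create")
    ambiguous = proxy.route_inbound(proxy.server.query_peer())
    answers = {name: sorted(proxy.capabilities[name]) for name in ambiguous}
    return routed, ambiguous, answers

if __name__ == "__main__":
    print(demo())
```

The forwarded request comes back to `drive-B` alone, whereas the server's query matches both end-points, whose capability answers differ, so no single reply over the shared connection describes "the client".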