Hi Krishna,
Thanks for putting together the proposal. I think it's very useful to be able to group managed objects into groups. At this point, I have the following questions:
1. Will a group have its own UUID?
2. Does the homogenous group only apply to symmetric keys or could you, for example, have a group of asymmetric keys?
3. What are the requirements for a homogenous group? Can it consist of, for example, both AES and TDES keys? What about key size or key type restrictions? Can a group consist of both encryption and MAC keys?
4. What happens to a group member after a rekey or a destroy? I assume the new version of the key will not be automatically added to the group after a rekey.
5. How will the Cryptographic Usage Mask attribute of group members affect the group object? The usage mask defines the usage of a managed object and may conflict with the cursor pattern set for the group.
6. Does it even make sense to apply the Activate operation to a group?
7. This question is probably linked to the Access Control proposal. Assuming that several users have access to a group, who is able to add new members to a group? I assume the user who is able to add a managed object to a group must have access to the object and have the privilege to add the object to the group.
Thanks,
Indra
-----Original Message-----
From: kyellepe@us.ibm.com [mailto:kyellepe@us.ibm.com]
Sent: Wednesday, June 30, 2010 9:10 PM
To: kmip@lists.oasis-open.org
Subject: [kmip] Groups - Group as a managed object (KMIP-GroupProposal-06302010.pdf) uploaded
Proposal to add Group as a managed object to v 1.1 of the specification.
-- Krishna Yellepeddy
The document named Group as a managed object
(KMIP-GroupProposal-06302010.pdf) has been submitted by Krishna Yellepeddy
to the OASIS Key Management Interoperability Protocol (KMIP) TC document
repository.
Document Description:
Proposal for Group as a new managed object in KMIP
View Document Details:
http://www.oasis-open.org/committees/document.php?document_id=38504
Download Document:
http://www.oasis-open.org/committees/download.php/38504/KMIP-GroupProposal-06302010.pdf
PLEASE NOTE: If the above links do not work for you, your email application
may be breaking the link into two pieces. You may be able to copy and paste
the entire link address into the address field of your web browser.
-OASIS Open Administration