OASIS Key Management Interoperability Protocol (KMIP) TC


thoughts on [kmip] OASIS Security Standards Interop Demo at RSA Expo 2010

  • 1.  thoughts on [kmip] OASIS Security Standards Interop Demo at RSA Expo 2010

    Posted 12-17-2009 17:31
    Hi -
    
    At our last KMIP TC call, I promised to send around some thoughts on
    what we might do for this interop demo.
    
    The goal of the demo is to demonstrate the effectiveness of the KMIP
    protocol in supporting use cases such as symmetric key store and foundry
    across multi-vendor implementations of clients and servers. We could do
    this at one of several levels:
    
    Simplest: Demonstrate KMIP interoperability by sending the same
    requests/responses from a single KMIP client to multiple servers. This
    would entail at least one client system and two server systems. On the
    client, a simple UI would display the following:
    
    -	establish secure connection to server 1
    -	create request message
    -	send request (for example, create symmetric key) to server 1
    -	receive response from server 1
    -	establish secure connection to server 2
    -	send request (for example, create symmetric key) to server 2
    -	receive response from server 2
    
    On the servers, UI would show:
    
    -	establish secure connection from client
    -	receive request
    -	send response
    
    2) A slightly more complex demo could add additional operations as part
    of the script (for example, register). Alternatively, it could add other
    key types for the same operation (create asymmetric keys, for example).
    
    We would probably also want to have a brief rolling slide show on KMIP
    on the client and server systems that could be interrupted when the demo
    was run.
    
    Is this worth doing? Do we have KMIP TC members who feel confident in
    being able to dedicate resources (developing the demo, staffing the demo
    at the show, and contributing to cost of the booth) to this demo? (Feel
    free to respond either to the reflector or to Subash and myself.)
    
    Regards,
    
    Bob
    
    
    


  • 2.  RE: thoughts on [kmip] OASIS Security Standards Interop Demo at RSA Expo 2010

    Posted 12-17-2009 19:37
    If we go with either scenario, I suggest there be separate clients for each server. Having 1 client per server, even if both clients are the same device type, would be preferred over 1 client sharing 2 servers.
    
    One client connected simultaneously to 2 servers can be perceived (to someone with no KMIP background) as demonstrating some server-server behavior, which is a perception we should probably avoid at this stage.  Plus, 2 server connections for a single purpose isn't expected.  Ideally the clients would represent existing product classes, not an abstraction.
    
    Stan Feather
    HP