1 / 5

KMIP Key Naming for Removable Media Interchange

KMIP Key Naming for Removable Media Interchange. Stan Feather. HP StorageWorks 29 April, 2009. Version 1.0. Key Naming for Storage Media Interchange. Use Cases and Problem Statement Visibility Proposal Outline. Key Naming for Storage Media Interchange Use Cases and Problem Statement.

kioko
Download Presentation

KMIP Key Naming for Removable Media Interchange

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. KMIP Key Namingfor Removable Media Interchange Stan Feather. HP StorageWorks 29 April, 2009. Version 1.0

  2. Key Naming for Storage Media Interchange • Use Cases and Problem Statement • Visibility • Proposal Outline OASIS KMIP

  3. Key Naming for Storage Media InterchangeUse Cases and Problem Statement Use Case. • Interchange encrypted media between multi-vendor storage systems Conditions. • Media interchange exists normally – without encryption • Encryption was transparent to host software • Keys created by each vendor’s solution are stored on a KMIP key server Problem Statement. Multi-vendor interchange breaks when media is encrypted, even though keys are stored on a KMIP key server. OASIS KMIP

  4. Key Naming for Storage Media InterchangeVisibility of Issue Currently, the issue is not visible • Keys are stored on separate servers. No interchange is possible Issue will become visible after KMIP • Multi-vendor clients will store keys on KMIP server • Each vendor’s KMIP client, or an admin, will create named keys • Key names are currently vendor unique • Even with KMIP, multi-vendor media interchange will remain broken OASIS KMIP

  5. Key Naming for Storage Media InterchangeOutline of HP’s Proposal Propose adding a key attribute to assist clients resolve the key’s name. • Un-correlated. (default value). The key is not used in removable media applications. Or, none of the keys’s names correlate to key name(s) stored on the removable media. • Simple correlation. One or more of the key’s names is also stored on the media. The media and the server copies of the name can be matched by simple string compare. • Public correlation algorithm. The server and media copies of the key name can only be matched using a publicly accessible algorithm. The definition and use of these algorithms is outside the scope of KMIP. The definition may specify a key attribute to identify the specific algorithm. • Private correlation algorithm. The server and media copies of the key name can only be matched using a private algorithm. The key may not be accessible in multi-vendor configurations. Propose addition to the the KMIP usage guide to explain use cases for the name-resolution attribute OASIS KMIP

More Related