As described in its specification, KMIP is a protocol used for communication between clients and servers to perform management operations on objects stored and maintained by a key management system. Since clients may generate or store objects on servers, servers need to represent clients internally in some fashion. Typically an administrator role is introduced on a server in order to configure, facilitate and oversee the state of the objects stored on the server and the state/configuration of the server itself.
Another typical administrator role is to ensure that the key management server being configured can be trusted and can be accessed over a secure channel. The latter can be done by configuring admin access credentials on the server during server installation out-of-band (with respect to KMIP).
Subsequently, the administrator of a key management system may use a management application that communicates with the server using the KMIP protocol. Using this application the administrator can list, edit or remove representations of clients registered on this server, or their access credentials. An administrator can view or modify certain server configuration parameters that are not accessible to ordinary users of the server, such as its networking configuration, logging or diagnostics. Administrators can also create, modify or delete access credentials for other administrators.
Attaching attributes to user representations and manipulating such attributes is also useful in the context of key management. For example, a geographic location parameter can be attached to each user in order to log and collect information on the patterns of server usage.
The same interface can be used by clients to control their own access, such as renewing their access credentials or checking their validity period.
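The privilege split described above (an administrator who manages client representations, their attributes and server configuration, versus an ordinary client that may only inspect or renew its own credential) can be modelled as a small server-side authorization layer. The following is an added illustration, not code from the KMIP specification or any KMIP server; the operation names, the `ClientRecord` structure, the `geo_location` attribute, the fixed clock `FIXED_NOW` and the bootstrap administrator are all assumptions made for the example, and nothing here touches the KMIP wire encoding.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed fixed clock so the example is deterministic (assumption, not KMIP).
FIXED_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

# Hypothetical operation names; KMIP itself does not define these.
ADMIN_ONLY = {"list_clients", "register_client", "remove_client",
              "set_attribute", "set_config", "create_admin"}
SELF_SERVICE = {"credential_validity", "renew_credential"}


class AccessDenied(Exception):
    """Raised when a caller is unknown, expired, or lacks the role for an operation."""


@dataclass
class ClientRecord:
    """Server-side representation of one client or administrator (assumed shape)."""
    name: str
    role: str                      # "admin" or "client"
    credential_expiry: datetime
    attributes: Dict[str, str] = field(default_factory=dict)


class KeyServer:
    def __init__(self, bootstrap_admin: str, now: datetime = FIXED_NOW):
        self.now = now
        # Configuration that only administrators may read or change.
        self.config: Dict[str, str] = {"log_level": "info", "listen_port": "5696"}
        # The first admin credential is provisioned out-of-band at install time.
        self.clients: Dict[str, ClientRecord] = {
            bootstrap_admin: ClientRecord(bootstrap_admin, "admin", now + timedelta(days=365))
        }

    def _authenticate(self, caller: str) -> ClientRecord:
        rec = self.clients.get(caller)
        if rec is None or rec.credential_expiry <= self.now:
            raise AccessDenied(f"unknown or expired credential: {caller}")
        return rec

    def _authorize(self, caller: str, operation: str, target: Optional[str] = None) -> ClientRecord:
        rec = self._authenticate(caller)
        if operation in ADMIN_ONLY and rec.role != "admin":
            raise AccessDenied(f"{caller} may not perform {operation}")
        # Ordinary clients may only act on their own representation.
        if operation in SELF_SERVICE and rec.role != "admin" and target not in (None, caller):
            raise AccessDenied(f"{caller} may not perform {operation} on {target}")
        return rec

    # --- administrator operations ---
    def list_clients(self, caller: str) -> List[str]:
        self._authorize(caller, "list_clients")
        return sorted(self.clients)

    def register_client(self, caller: str, name: str, role: str = "client", days: int = 90) -> None:
        # Creating another administrator is a distinct, admin-only operation.
        self._authorize(caller, "create_admin" if role == "admin" else "register_client")
        if name in self.clients:
            raise ValueError(f"{name} already registered")
        self.clients[name] = ClientRecord(name, role, self.now + timedelta(days=days))

    def remove_client(self, caller: str, name: str) -> None:
        self._authorize(caller, "remove_client")
        if name == caller:
            raise ValueError("an administrator cannot remove its own representation")
        del self.clients[name]

    def set_attribute(self, caller: str, name: str, key: str, value: str) -> None:
        """Attach an attribute (e.g. a geographic location) to a client representation."""
        self._authorize(caller, "set_attribute")
        self.clients[name].attributes[key] = value

    def set_config(self, caller: str, key: str, value: str) -> None:
        self._authorize(caller, "set_config")
        self.config[key] = value

    # --- operations a client may perform on its own representation ---
    def credential_validity(self, caller: str, target: Optional[str] = None) -> int:
        """Days remaining on the target's credential (default: the caller's own)."""
        self._authorize(caller, "credential_validity", target)
        rec = self.clients[target or caller]
        return (rec.credential_expiry - self.now).days

    def renew_credential(self, caller: str, target: Optional[str] = None, days: int = 90) -> int:
        """Extend the credential and return the new number of days remaining."""
        self._authorize(caller, "renew_credential", target)
        rec = self.clients[target or caller]
        rec.credential_expiry = max(rec.credential_expiry, self.now) + timedelta(days=days)
        return (rec.credential_expiry - self.now).days
```

Every operation first authenticates the caller against the stored representations and rejects expired credentials, then checks the role before touching any state; the self-service operations additionally restrict an ordinary client to its own record, so a client can renew or inspect its credential without being able to enumerate or alter anyone else's.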
Goal or Desired Outcome
One of the goals of server administration over KMIP is the ability to access different servers in a uniform fashion. This includes not only the ability of the server to support the message exchange protocol, but also a common concept of client representations.