Use Cases Description / User Story
As described in its specification, KMIP is a protocol used for communication between clients and servers to perform management operations on objects stored and maintained by a key management system. Since clients may generate or store objects on servers, servers need to represent clients internally in some fashion. Typically an administrator role is introduced on a server in order to configure, facilitate and oversee the state of the objects stored on the server and the state/configuration of the server itself.
Another typical administrator role is to ensure that the key management server being configured can be trusted and can be accessed over a secure channel. The latter can be done by configuring admin access credentials on the server during server installation out-of-band (with respect to KMIP).
Subsequently, the administrator of a key management system may use a management application that communicates with the server using the KMIP protocol. Using this application, the administrator can list, edit or remove representations of clients registered on this server or their access credentials. The administrator can also view or modify certain server configuration parameters that are not accessible to ordinary users of the server, such as its networking configuration, logging or diagnostics. Administrators can create, modify or delete access credentials for other administrators.
Attaching attributes to user representations and manipulating such attributes is also useful in the context of key management. For example, a geographic location parameter can be attached to each user in order to log and collect information on the patterns of server usage.
The same interface can be used by clients to control their own access, such as renewing their access credentials or checking their validity period.
Goal or Desired Outcome
One of the goals of server administration over KMIP is the ability to access different servers in a uniform fashion. This requires not only that each server supports the message exchange protocol, but also that servers share a common concept of client representations.
Categories Covered:
User management by an Admin
Administrator management (by another Admin)
User attributes
User self-administration
Applicable Deployment and Service Models:
Actors:
KMIP Server Administrator (Admin)
Computer or human agent performing KMIP Operations on KMIP Objects using Client (User)
Systems:
KMIP Server (Server)
Administration Software Application (Admin client)
KMIP Software Client Application (Client)
Notable Services:
Dependencies:
Servers provide a mechanism for Users and Admins to have credentials that can be used for authentication
Admin configures administrator access credentials on the server during server installation out-of-band (with respect to KMIP)
Admin runs Client and connects using KMIP to Server
Admin uses access credentials to authenticate self
Assumptions:
User stories are limited to provisioning of users and their characteristics, not sharing of objects and access control
User credentials contain unique User Identifiers
Admin credentials contain unique Administrator Identifiers
Process Flow
Manage users:
Admin lists User Identifiers registered with Server.
Admin resets User credential for userN.
Admin creates userN+1 with its access credentials.
Admin removes userN-1’s access to the keys by deleting user list entry, including credentials.
Manage administrators:
Admin lists all Admin identifiers registered with Server.
Admin creates adminN entry in the list of administrators along with a new set of Admin credentials.
Admin deletes adminN-1 entry in the list of administrators with credentials.
User attributes:
Admin attaches attribute attrX to userN’s entry on the Server.
Admin lists user identifiers and attributes.
User self-administration:
UserN checks the validity period of his credentials.
UserN updates his own credentials.
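The four process flows above, modelled as an added example that is not part of the original use case or of the KMIP specification: a minimal in-memory registry in which Admin-only operations and User self-administration pass through one authorization check. The `Registry` class, all method names, the digest storage and the 90-day validity period are assumptions made for illustration.

```python
import hashlib, secrets
from datetime import datetime, timedelta, timezone

VALIDITY = timedelta(days=90)  # assumed credential validity period

class Registry:
    """Added model: method names and VALIDITY are assumptions, not KMIP operations."""
    def __init__(self, first_admin):
        self.entries = {}
        # The first Admin credential is configured out-of-band at installation.
        self.bootstrap_secret = self._issue(first_admin, "admin")

    def _issue(self, ident, role):
        entry = self.entries.setdefault(ident, {"role": role, "attrs": {}})
        secret = secrets.token_hex(16)
        entry["digest"] = hashlib.sha256(secret.encode()).hexdigest()  # store only a digest
        entry["expires"] = datetime.now(timezone.utc) + VALIDITY
        return secret  # returned to the caller once, never stored in clear

    def _authz(self, caller, target=None):
        # Admins may act on any entry; everyone else only on their own.
        entry = self.entries.get(caller)
        if entry is None or (entry["role"] != "admin" and caller != target):
            raise PermissionError(f"{caller!r} may not act on {target!r}")

    def list_ids(self, caller, role="user"):
        self._authz(caller)
        return sorted(i for i, e in self.entries.items() if e["role"] == role)

    def create(self, caller, ident, role="user"):
        self._authz(caller)
        if ident in self.entries:
            raise ValueError("identifier already registered")  # identifiers are unique
        return self._issue(ident, role)

    def delete(self, caller, ident):
        self._authz(caller)
        del self.entries[ident]  # entry and credential are removed together

    def set_attr(self, caller, ident, name, value):
        self._authz(caller)
        self.entries[ident]["attrs"][name] = value

    def renew(self, caller, ident):  # Admin reset, or User self-administration
        self._authz(caller, ident)
        return self._issue(ident, self.entries[ident]["role"])

    def expires(self, caller, ident):
        self._authz(caller, ident)
        return self.entries[ident]["expires"]
```

Because a deleted entry no longer resolves in `_authz`, a removed User or Admin loses self-administration at the same moment the credential is deleted.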