Proposal for Query Version

Created by: Indra Fitzgerald, HP and Bruce Rich, IBM

Version: 1.6

Date: April 26, 2011

The purpose of this proposal is to allow clients and servers to identify a protocol version both client and server understand.

4.27 Query Version

This request is used by the client to determine a list of protocol versions that are supported by the server. The request payload contains an optional list of protocol versions that are supported by the client. The protocol versions SHALL be ranked in order of preference (highest preference first).

The response payload contains a list of protocol versions that are supported by the server. The protocol versions are ranked in order of preference (highest preference first). If the client provides the server with a list of supported protocol versions in the request payload, the server SHALL return only the protocol versions that are supported by both the client and server. If no protocol versions are specified in the request payload, the server SHALL simply return all the protocol versions that are supported by the server.

Request Payload
Object / REQUIRED / Description
Protocol Version, see 6.1 / No / The list of protocol versions supported by the client ordered in highest preference first.

Table 1XX: Query Version Request Payload

Response Payload
Object / REQUIRED / Description
Protocol Version, see 6.1 / Yes / The list of protocol versions supported by the server ordered in highest preference first.

Table 1XX: Query Version Response Payload

9.1.3.2.26 Operation Enumeration

Operation
Name / Value
Create / 00000001
Create Key Pair / 00000002
Register / 00000003
Re-key / 00000004
Derive Key / 00000005
Certify / 00000006
Re-certify / 00000007
Locate / 00000008
Check / 00000009
Get / 0000000A
Get Attributes / 0000000B
Get Attribute List / 0000000C
Add Attribute / 0000000D
Modify Attribute / 0000000E
Delete Attribute / 0000000F
Obtain Lease / 00000010
Get Usage Allocation / 00000011
Activate / 00000012
Revoke / 00000013
Destroy / 00000014
Archive / 00000015
Recover / 00000016
Validate / 00000017
Query / 00000018
Cancel / 00000019
Poll / 0000001A
Notify / 0000001B
Put / 0000001C
Query Version / 0000001D
Extensions / 8XXXXXXX

12.1 Conformance clauses for a KMIP Server

  1. Supports the following client-to-server operations:
     - Locate (see 4.8)
     - Check (see 4.9)
     - Get (see 4.10)
     - Get Attribute (see 4.11)
     - Get Attribute List (see 4.12)
     - Add Attribute (see 4.13)
     - Modify Attribute (see 4.14)
     - Delete Attribute (see 4.15)
     - Activate (see 4.18)
     - Revoke (see 4.19)
     - Destroy (see 4.20)
     - Query (see 4.24)
     - Query Version (see 4.27)

C. Operation and Object Cross-reference

Managed Objects
Operation / Certificate / Symmetric Key / Public Key / Private Key / Split Key / Template / Secret Data / Opaque Object
Create / N/A / Y / N/A / N/A / N/A / Y / N/A / N/A
Create Key Pair / N/A / N/A / Y / Y / N/A / N/A / N/A / N/A
Register / Y / Y / Y / Y / Y / Y / Y / Y
Re-Key / N/A / Y / N/A / N/A / N/A / Y / N/A / N/A
Derive Key / N/A / Y / N/A / N/A / N/A / Y / Y / N/A
Certify / Y / N/A / Y / N/A / N/A / Y / N/A / N/A
Re-certify / Y / N/A / N/A / N/A / N/A / Y / N/A / N/A
Locate / Y / Y / Y / Y / Y / Y / Y / Y
Check / Y / Y / Y / Y / Y / N/A / Y / Y
Get / Y / Y / Y / Y / Y / Y / Y / Y
Get Attributes / Y / Y / Y / Y / Y / Y / Y / Y
Get Attribute List / Y / Y / Y / Y / Y / Y / Y / Y
Add Attribute / Y / Y / Y / Y / Y / Y / Y / Y
Modify Attribute / Y / Y / Y / Y / Y / Y / Y / Y
Delete Attribute / Y / Y / Y / Y / Y / Y / Y / Y
Obtain Lease / Y / Y / Y / Y / Y / N/A / Y / N/A
Get Usage Allocation / N/A / Y / Y / Y / N/A / N/A / N/A / N/A
Activate / Y / Y / Y / Y / Y / N/A / Y / N/A
Revoke / Y / Y / N/A / Y / Y / N/A / Y / Y
Destroy / Y / Y / Y / Y / Y / Y / Y / Y
Archive / Y / Y / Y / Y / Y / Y / Y / Y
Recover / Y / Y / Y / Y / Y / Y / Y / Y
Validate / Y / N/A / N/A / N/A / N/A / N/A / N/A / N/A
Query / N/A / N/A / N/A / N/A / N/A / N/A / N/A / N/A
Cancel / N/A / N/A / N/A / N/A / N/A / N/A / N/A / N/A
Poll / N/A / N/A / N/A / N/A / N/A / N/A / N/A / N/A
Notify / N/A / N/A / N/A / N/A / N/A / N/A / N/A / N/A
Put / Y / Y / Y / Y / Y / Y / Y / Y
Query Version / N/A / N/A / N/A / N/A / N/A / N/A / N/A / N/A

Things to consider

  1. Servers supporting KMIP version 1.1 or above are required to support the Query Version operation.
  2. Future changes to the Query Version operation should not affect backward compatibility.
  3. KMIP version 1.0 will not support the Query Version operation. It should be permissible for servers to support this operation and report support for it in the Query response.
  4. If the Query Version request is sent to a KMIP 1.0 server and the server does not support the operation, the server shall return the “Operation Not Supported” error.
  5. The Query Version operation addresses both the “dumb” and “smart” client scenarios. Dumb clients can simply pick the first protocol version that is returned by the server, assuming that the client provided the server with the list of supported protocol versions. Smart clients can request the server to return the complete list of supported protocol versions by sending an empty request payload and pick a protocol version that is supported by both client and server.
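
The negotiation rules in 4.27 and the "dumb" and "smart" client scenarios above, as an added Python sketch that is not part of the proposal or of any KMIP implementation. All class and function names are hypothetical, the version lists are constructed, and two points are assumptions: the server ranks the common versions by its own preference, and a client treats "Operation Not Supported" as meaning the server speaks KMIP 1.0.

```python
from typing import List, Optional, Tuple

Version = Tuple[int, int]  # (major, minor); (1, 1) stands for KMIP 1.1


class OperationNotSupported(Exception):
    """Stands in for the "Operation Not Supported" error result."""


class Server:
    """Hypothetical server model holding a ranked list of protocol versions."""

    def __init__(self, supported: List[Version], has_query_version: bool = True):
        self.supported = supported              # highest preference first
        self.has_query_version = has_query_version

    def query_version(self, client_versions: Optional[List[Version]] = None) -> List[Version]:
        if not self.has_query_version:
            raise OperationNotSupported()       # e.g. a KMIP 1.0 server
        if not client_versions:                 # empty or absent request payload
            return list(self.supported)         # return everything the server supports
        offered = set(client_versions)
        # Only versions supported by both sides; ranked by server preference (assumption).
        return [v for v in self.supported if v in offered]


def _fallback(mine: List[Version]) -> Optional[Version]:
    # Assumption: no Query Version support implies a KMIP 1.0 server.
    return (1, 0) if (1, 0) in mine else None


def dumb_client(server: Server, mine: List[Version]) -> Optional[Version]:
    """Send the client's list and take the first version the server returns."""
    try:
        common = server.query_version(mine)
    except OperationNotSupported:
        return _fallback(mine)
    return common[0] if common else None        # None: no version in common


def smart_client(server: Server, mine: List[Version]) -> Optional[Version]:
    """Send an empty payload and choose by the client's own ranking."""
    try:
        theirs = set(server.query_version())
    except OperationNotSupported:
        return _fallback(mine)
    return next((v for v in mine if v in theirs), None)


# Constructed sample: the server prefers 1.0, the client prefers 1.1.
SAMPLE_SERVER = Server([(1, 0), (1, 1)])
SAMPLE_CLIENT = [(1, 1), (1, 0)]
```

With the constructed sample, the dumb client ends up on the server's first choice while the smart client ends up on its own first choice, which is the practical difference between the two scenarios.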