mirror of
https://github.com/OpenKMIP/PyKMIP.git
synced 2025-07-26 15:34:01 +02:00
Reformatting README to use reStructuredText
This change reformats the README to use the syntax and formatting recognized by reStructuredText parsers. Several typos have been fixed along with minor rephrasing and condensing of text. All external references have officially been replaced with direct links to the documents and document sections in question.
This commit is contained in:
parent
a344fd6e41
commit
87afc0832e
282
README.rst
282
README.rst
@ -1,131 +1,151 @@
|
|||||||
======
|
------
|
||||||
PyKMIP
|
PyKMIP
|
||||||
======
|
------
|
||||||
|
|
||||||
PyKMIP is a Python implementation of the Key Management Interoperability
|
PyKMIP is a Python implementation of the Key Management Interoperability Protocol (KMIP) specification, supporting version 1.1 of the KMIP standard. The KMIP standard is governed by the `Organization for the Advancement of Structured Information Standards`_ (OASIS) and specifies a client/server-based protocol to perform key, certificate, and secret object management, including storage and maintenance operations.
|
||||||
Protocol (KMIP) specification, supporting version 1.1 of the KMIP standard.
|
|
||||||
KMIP is an OASIS standard specifying a client/server-based protocol to perform
|
The PyKMIP library currently provides a KMIP client and server supporting the following operations for the KMIP SymmetricKey managed object:
|
||||||
key, certificate, or generic object management relating generally to storage
|
|
||||||
and maintenance operations. The PyKMIP library currently provides a KMIP
|
* Create
|
||||||
client and server supporting the following operations for the KMIP
|
* Register
|
||||||
SymmetricKey managed object:
|
* Get
|
||||||
|
* Destroy
|
||||||
* create
|
|
||||||
* register
|
Note that KMIP specifies profiles that tailor the standard to specific use cases. The `KMIP Profile Support`_ section includes several profiles that need to be developed for PyKMIP to fully support symmetric key storage and generation capabilities. A list of operations necessary for these profiles is included.
|
||||||
* get
|
|
||||||
* destroy
|
The PyKMIP software-based KMIP server is intended for use only in testing and demonstration environments. Note that the PyKMIP server is **NOT** intended to be a substitute for secured, hardware-based KMIP appliances. The PyKMIP client should be used for operational purposes only with a hardware-based KMIP server. The development of the PyKMIP client and server should take place in parallel to facilitate testing of each operation as it is developed.
|
||||||
|
|
||||||
Note that KMIP specifies profiles that tailor the standard to specific use
|
Platforms
|
||||||
cases. The KMIP Profile Support section below includes several profiles that
|
=========
|
||||||
need to be developed for PyKMIP to more fully support the symmetric key storage
|
PyKMIP has been tested and runs on Ubuntu 12.04 LTS.
|
||||||
and generation capabilities. A list of operations necessary for these profiles
|
|
||||||
are also included.
|
.. _KMIP Profile Support:
|
||||||
|
|
||||||
The PyKMIP software-based KMIP server is intended for use only in testing and
|
KMIP Profile Support
|
||||||
demonstration environments. Note that the PyKMIP server is NOT intended to be
|
====================
|
||||||
a substitute for secured, hardware-based KMIP appliances. The PyKMIP client
|
The KMIP standard includes various profiles that tailor the standard for specific use cases (e.g., symmetric key storage with TLS 1.2). These profiles specify conformance to certain operations and attributes. The operations listed below are needed to support symmetric key profiles, which are also provided below. We would appreciate help in the development of these operations, and have listed our recommended order of development prioritization in descending order. Since active development of these features is already underway, please check the `code base`_ to assess the status of operations prior to development.
|
||||||
should be used for operational purposes only with a hardware-based KMIP server.
|
|
||||||
|
KMIP operations to add to PyKMIP:
|
||||||
Version
|
|
||||||
=======
|
* Discover Versions
|
||||||
Earlier versions of PyKMIP are not intended to support KMIP profiles. Work
|
* List
|
||||||
to further mature PyKMIP to add support for basic profiles is underway (see
|
* Locate
|
||||||
below.) For more information on KMIP profiles, see the OASIS documentation
|
* Check
|
||||||
in the reference section.
|
* Revoke
|
||||||
|
* Get Attributes
|
||||||
Note that development of the PyKMIP client and server should take place in
|
* Get Attribute List
|
||||||
parallel to facilitate testing of each operation as it is developed.
|
* Add Attribute
|
||||||
|
* Modify Attribute
|
||||||
|
* Delete Attribute
|
||||||
Platform
|
* Activate
|
||||||
========
|
* Query
|
||||||
PyKMIP has been tested and runs on Ubuntu 12.04 LTS.
|
|
||||||
|
Note that the Create, Register, Get, and Destroy operations were completed with the initial version of PyKMIP to allow very basic KMIP symmetric key operations.
|
||||||
|
|
||||||
KMIP Profile Support
|
Server Profiles
|
||||||
====================
|
---------------
|
||||||
The KMIP standard includes various profiles that tailor the standard for
|
Server profiles that support KMIP symmetric key operations:
|
||||||
specific use cases, such as for symmetric key storage with TLS1.2 specified.
|
|
||||||
These profiles specify conformance to certain operations and attributes. The
|
* `Basic Baseline Server KMIP Profile`_ (includes TLS 1.0+)
|
||||||
operations listed directly below are needed to support symmetric key profiles
|
|
||||||
also listed below. We would appreciate help in the development of these
|
* Client-to-Server operations needed for this (see the `Baseline Server Clause`_) include:
|
||||||
operations, and have listed our recommended order of development prioritization
|
|
||||||
to consider. This list is in order of decending priority. Since development
|
* Locate
|
||||||
is already underway, and code will be merged, please check the code base to
|
* Check
|
||||||
assess the status of operations prior to development. Note that these operations
|
* Get
|
||||||
support KMIP Profiles that are listed at the end of this document.
|
* Get Attributes
|
||||||
|
* Get Attribute
|
||||||
KMIP Operations to add to PyKMIP, in our recommended order of priority:
|
* List
|
||||||
- Discover Versions
|
* Add Attribute
|
||||||
- Locate
|
* Modify Attribute
|
||||||
- Check
|
* Delete Attribute
|
||||||
- Revoke
|
* Activate
|
||||||
- Get Attributes
|
* Revoke
|
||||||
- Get Attribute List
|
* Destroy
|
||||||
- Add Attribute
|
* Query
|
||||||
- Modify Attribute
|
* Discover Versions
|
||||||
- Delete Attribute
|
|
||||||
- Activate
|
* `Symmetric Key Store and Server TLS 1.2 Authentication KMIP Profile`_
|
||||||
- Query
|
|
||||||
|
* Client-to-Server operations needed for this (see the `Symmetric Key Store and Server Conformance Clause`_) include all operations from the `Basic Baseline Server KMIP Profile`_ and also the Register operation.
|
||||||
Note that Create, Register, Get, and Destroy operations were completed with the
|
|
||||||
initial version of PyKMIP to allow very basic KMIP symmetric key operations.
|
* `Symmetric Key Foundry and Server TLS 1.2 Authentication KMIP profile`_
|
||||||
|
|
||||||
|
* Client-to-Server operations needed for this (see the `Symmetric Key Foundry and Server Conformance Clause`_) include all operations from the `Basic Baseline Server KMIP Profile`_ and also the Create operation.
|
||||||
Profiles that support KMIP symmetric key opererations (see link in references
|
|
||||||
section):
|
Client Profiles
|
||||||
|
---------------
|
||||||
4.2* "Basic Baseline Server KMIP Profile" (includes TLS 1.0+)
|
Client profiles that support KMIP symmetric key operations:
|
||||||
Client to Server Operations needed for this (See 5.2*):
|
|
||||||
Required operations include Locate, Check, Get, Get Attributes, Get Attribute
|
* `Basic Baseline Client KMIP Profile`_ (includes TLS 1.0+)
|
||||||
List, Add Attribute, Modify Attribute, Delete Attribute, Activate, Revoke,
|
|
||||||
Destroy, Query, and Discover Versions (but not Register or Create)
|
* Client-to-Server operations needed for this (see the `Baseline Client Clause`_) include:
|
||||||
|
|
||||||
4.14* "Symmetric Key Store and Server TLS 1.2 Authentication KMIP Profile"
|
* Locate
|
||||||
Client to Server Operations needed for this (See 5.4*)
|
* Check
|
||||||
- All operations from *4.2 and also Register operation
|
* Get
|
||||||
|
* Get Attributes
|
||||||
4.15* "Symmetric Key Foundry and Server TLS 1.2 Authentication KMIP profile"
|
* Get Attribute
|
||||||
Client to Server Operations needed for this (See 5.5*)
|
* List
|
||||||
- All operations from *4.2 and also Create operation
|
* Add Attribute
|
||||||
|
* Modify Attribute
|
||||||
4.22* "Basic Baseline Client KMIP Profile" (includes TLS 1.0+)
|
* Delete Attribute
|
||||||
Client to Server Operations needed for this (See 5.12*):
|
* Activate
|
||||||
Required operations include Locate, Check, Get, Get Attributes, Get Attribute
|
* Revoke
|
||||||
List, Add Attribute, Modify Attribute, Delete Attribute, Activate, Revoke,
|
* Destroy
|
||||||
Destroy, Query, and Discover Versions (but not Register or Create)
|
* Query
|
||||||
|
* Discover Versions
|
||||||
4.34* "Symmetric Key Store Client TLS 1.2 Authentication KMIP Profile"
|
|
||||||
Client to Server Operations needed for this (See 5.14*)
|
* `Symmetric Key Store Client TLS 1.2 Authentication KMIP Profile`_
|
||||||
- All operations from *4.22 and also Register operation
|
|
||||||
|
* Client-to-Server operations needed for this (see the `Symmetric Key Store Client Conformance Clause`_) include all operations from the `Basic Baseline Client KMIP Profile`_ and also the Register operation.
|
||||||
4.35* "Symmetric Key Foundry Client TLS 1.2 Authentication KMIP profile"
|
|
||||||
Client to Server Operations needed for this (See 5.15*)
|
* `Symmetric Key Foundry Client TLS 1.2 Authentication KMIP Profile`_
|
||||||
- All operations from *4.22 and also Create operation
|
|
||||||
|
* Client-to-Server operations needed for this (see the `Symmetric Key Foundry Client Conformance Clause`_) include all operations from the `Basic Baseline Client KMIP Profile`_ and also the Create operation.
|
||||||
4.42* "Storage Client TLS 1.2 Authentication KMIP Profile"
|
|
||||||
Client to Server Operations needed for this (See 5.21*)
|
* `Storage Client TLS 1.2 Authentication KMIP Profile`_
|
||||||
- All operations from *4.22, Register from *4.34, and Create from *4.35
|
|
||||||
|
* Client-to-Server operations needed for this (see the `Storage Client Conformance Clauses`_) include all operations from the `Basic Baseline Client KMIP Profile`_, the Register operation from the `Symmetric Key Store Client TLS 1.2 Authentication KMIP Profile`_, and the Create operation from the `Symmetric Key Foundry Client TLS 1.2 Authentication KMIP Profile`_.
|
||||||
|
|
||||||
* This designator points to a section in the Key Management Interoperability
|
References
|
||||||
Profiles Version 1.1. The link to this document is in the references section
|
==========
|
||||||
below.
|
The source code for PyKMIP is hosted on GitHub and the library is available for installation from the Python Package Index (PyPI):
|
||||||
|
|
||||||
References
|
* `GitHub <https://github.com/OpenKMIP/PyKMIP>`_
|
||||||
==========
|
* `PyPI <https://pypi.python.org/pypi/PyKMIP>`_
|
||||||
|
|
||||||
For more information on the KMIP specification, see the `OASIS documentation
|
For more information on KMIP version 1.1, see the following documentation:
|
||||||
for KMIP
|
|
||||||
<http://docs.oasis-open.org/kmip/spec/v1.1/os/kmip-spec-v1.1-os.html>`_.
|
* `Key Management Interoperability Protocol Specification Version 1.1`_
|
||||||
<http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html>`_.
|
* `Key Management Interoperability Protocol Profiles Version 1.1`_
|
||||||
|
* `Key Management Interoperability Protocol Test Cases Version 1.1`_
|
||||||
|
|
||||||
Contributors
|
Contributors
|
||||||
============
|
============
|
||||||
|
|
||||||
Many thanks to the developers who created PyKMIP:
|
Many thanks to the developers who created PyKMIP:
|
||||||
|
|
||||||
Nathan Reller <nathan.reller@jhuapl.edu>
|
* `Nathan Reller <nathan.reller@jhuapl.edu>`_
|
||||||
Peter Hamilton <peter.hamilton@jhuapl.edu>
|
* `Peter Hamilton <peter.hamilton@jhuapl.edu>`_
|
||||||
Kaitlin Farr <kaitlin.farr@jhuapl.edu>
|
* `Kaitlin Farr <kaitlin.farr@jhuapl.edu>`_
|
||||||
|
|
||||||
|
.. _code base: https://github.com/OpenKMIP/PyKMIP
|
||||||
|
.. _Organization for the Advancement of Structured Information Standards: https://www.oasis-open.org/
|
||||||
|
.. _Key Management Interoperability Protocol Specification Version 1.1: http://docs.oasis-open.org/kmip/spec/v1.1/os/kmip-spec-v1.1-os.html
|
||||||
|
.. _Key Management Interoperability Protocol Profiles Version 1.1: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html
|
||||||
|
.. _Key Management Interoperability Protocol Test Cases Version 1.1: http://docs.oasis-open.org/kmip/testcases/v1.1/cn01/kmip-testcases-v1.1-cn01.html
|
||||||
|
.. _Basic Baseline Server KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820691
|
||||||
|
.. _Symmetric Key Store and Server TLS 1.2 Authentication KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820703
|
||||||
|
.. _Symmetric Key Foundry and Server TLS 1.2 Authentication KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820704
|
||||||
|
.. _Basic Baseline Client KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820711
|
||||||
|
.. _Symmetric Key Store Client TLS 1.2 Authentication KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820723
|
||||||
|
.. _Symmetric Key Foundry Client TLS 1.2 Authentication KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820724
|
||||||
|
.. _Storage Client TLS 1.2 Authentication KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820731
|
||||||
|
.. _Baseline Server Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820736
|
||||||
|
.. _Symmetric Key Store and Server Conformance Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820742
|
||||||
|
.. _Symmetric Key Foundry and Server Conformance Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820745
|
||||||
|
.. _Baseline Client Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820766
|
||||||
|
.. _Symmetric Key Store Client Conformance Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820772
|
||||||
|
.. _Symmetric Key Foundry Client Conformance Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820775
|
||||||
|
.. _Storage Client Conformance Clauses: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820793
|
Loading…
x
Reference in New Issue
Block a user