Version 4.1 Containerized IBM Security Key Lifecycle · 2020. 4. 27. · IBM Conﬁdential DRAFT - NOT FOR PUBLICATION Chapter 1. User management REST services You can use the user

Containerized IBM Security Key LifecycleManagerVersion 4.1

User Management REST ServiceDocumentation(BETA)

IBMIBM Confidential

DRAFT - NOT FOR PUBLICATION IBM Confidential

Note

Before you use this information and the product it supports, read the information in “Notices” on page43.

Product information

The Beta Program and this documentation is provided to you AS IS without any warranties express or implied, includingthe warranty of merchantability or fitness for a particular purpose. IBM may choose, in its own discretion, to changefeatures and functions this Beta Program prior to being made generally available or choose not to make this BetaProgram generally available.© Copyright International Business Machines Corporation 2008, 2020.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract withIBM Corp.

IBM Confidential DRAFT - NOT FOR PUBLICATION

Contents

Chapter 1. User management REST services.......................................................... 1Add Role REST Service................................................................................................................................1Add User Group REST Service.................................................................................................................... 3Assign Role to User REST Service.............................................................................................................. 5Assign Role to User Group REST Service................................................................................................... 7Assign User to Group REST Service........................................................................................................... 9Delete Role REST Service......................................................................................................................... 11Delete Role from User REST Service........................................................................................................13Delete Role from User Group REST Service.............................................................................................15Delete User REST Service......................................................................................................................... 17Delete User from Group REST Service.....................................................................................................19Delete User Group REST Service..............................................................................................................21Get Roles REST Service............................................................................................................................ 23Get Users REST Service............................................................................................................................ 27Get User Details REST Service................................................................................................................. 29Get User Role Details REST Service.........................................................................................................32Get User Groups REST Service.................................................................................................................34Get User Group Details REST Service...................................................................................................... 36Update Role REST Service........................................................................................................................ 39Update User Group REST Service.............................................................................................................41

Notices................................................................................................................43Terms and conditions for product documentation.................................................................................. 44Trademarks................................................................................................................................................ 45

iii


iv


Chapter 1. User management REST services

You can use the user management REST services or APIs to manage and work with IBM® Security Key Lifecycle Manager users, user roles, and user groups. You must have administrative privileges to perform these operations.

Add Role REST ServiceUse Add Role REST Service to add a user role in IBM Security Key Lifecycle Manager.

OperationPOST

URLhttps://<host>:<port >/SKLM/rest/v1/ckms/usermanagement/roles/{roleName}

By default, IBM Security Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secureport 9443 (HTTPS) for communication. During IBM Security Key Lifecycle Manager installation, you canmodify these default ports.

Request

Parameter Description

host Specify the IP address or host name of the IBM Security Key LifecycleManager server.

port Specify the port number on which the IBM Security Key LifecycleManager server listens for requests.

Request Parameters

Header name Value

Content-Type application/json

Accept application/json

Authorization SKLMAuth userAuthId=<authIdValue>

Accept-Language Any valid locale that is supported by IBM Security Key LifecycleManager. For example: en or de

Request Headers

JSON property name Description

roleName Specify a name for the user role that you want to add.

Path parameter

JSON object with the following specification.


description Specify a description for the role that you want to add.

Request Body


© Copyright IBM Corp. 2008, 2020 1


Response

Header name Value and description

Status Code 200 OKThe request was successful. The response body contains therequested representation.

400 Bad RequestThe authentication information was not provided in the correctformat.

401 UnauthorizedThe authentication credentials were missing or incorrect.

404 Not Found ErrorThe processing of the request fails.

500 Internal Server ErrorThe processing of the request fails because of an unexpectedcondition on the server.


Content-Language Locale for the response message.

Response Headers


code Returns the code that is specified by the status property.

status Returns the status to indicate if the operation was successful.

Success Response Body



code Returns the application error code.

message Returns a message that describes the error.

Error Response Body


ExampleAdd a user role

POST https://host:port/SKLM/rest/v1/ckms/usermanagement/roles/DS5000_Custom{"description":"Role for DS5000_custom device group"}

Success response

{ "code": "0", "status": "Succeeded"}

Error response

{ "code": "CTGKM5004E",

2 Containerized IBM Security Key Lifecycle Manager : User Management REST Service Documentation


"message": "CTGKM5004E Object with the same name DS5000_Custom already exists."}

Add User Group REST ServiceUse Add User Group REST Service to add a user group in IBM Security Key Lifecycle Manager.

OperationPOST

URLhttps://<host>:<port >/SKLM/rest/v1/ckms/usermanagement/groups/{groupName}


Request




Request Parameters

Header name Value





Request Headers


groupName Specify a name for the user group that you want to add.

Path Parameter



description Specify a description for the user group that you want to add.

Request Body


Response

Chapter 1. User management REST services 3










Response Headers









Error Response Body


ExampleAdd a user group

POST https://host:port/SKLM/rest/v1/ckms/usermanagement/groups/DS5000_CUSTOM_GROUP{"description":"This group is created for administering DS5000 device groups"}

Success response


Error response

{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."



}

Assign Role to User REST ServiceUse Assign Role to User REST Service to assign a role to a user.

OperationPOST

URLhttps://<host>:<port/SKLM/rest/v1/ckms/usermanagement/rolesuser


Request




Request Parameters

Header name Value





Request Headers


roleName Required. Specify the name of the role that you want to assign to theuser.

userName Required. Specify the name of the user to which you want to assign arole.

Request Body


Response











Response Headers









Error Response Body


ExampleAssign a role to a user

POST https://host:port/SKLM/rest/v1/ckms/usermanagement/rolesuser{"roleName":"DS5000_Custom","userName":"DS5000user"}

Success response


Error response

{ "code": "CTGKM3040E", "message": "CTGKM3040E Object with identifier DS5000_Custom cannot be found."}



Assign Role to User Group REST ServiceUse Assign Role to User Group REST Service to assign a user role to a user group.

OperationPOST

URLhttps://<host>:<port >/SKLM/rest/v1/ckms/usermanagement/rolesgroup


Request




Request Parameters

Header name Value





Request Headers


roleName Specify the user role that you want to assign to the user group.

groupName Specify the user group to which you want to assign the role.

Request Body


Response











Response Headers









Error Response Body


ExampleAssign a role to a user group

POST https://host:port/SKLM/rest/v1/ckms/usermanagement/rolesgroup{"roleName":"DS5000_Custom","groupName":"DS5000_CUSTOM_GROUP"}

Success response


Error response




}

Assign User to Group REST ServiceUse Assign User to Group REST Service to assign a user to a user group.

OperationPOST

URLhttps://<host>:<port >/SKLM/rest/v1/ckms/usermanagement/groupuser


Request




Request Parameters

Header name Value





Request Headers


groupName Specify the name of the user group to which you are adding the user.

userName Specify the user that you want to assign to the user group.

Request Body


Response











Response Headers









Error Response Body


ExampleAdd a user to a group

POST https://host:port/SKLM/rest/v1/ckms/usermanagement/groupuser{"groupName":"DS5000_CUSTOM_GROUP","userName":"DS5000user"}

Success response


Error response

{ "code": "CTGKM5004E", "message": "CTGKM5004E Object with the same name DS5000user already exists."}



Delete Role REST ServiceUse Delete Role REST Service to delete a user role.

OperationDELETE

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/roles/{roleName}


Request




Request Parameters

Header name Value





Request Headers


roleName Specify the name of the user role that you want to delete.

Path parameter


Response











Response Headers









Error Response Body


ExampleDelete a user role

DELETE https://host:port/SKLM/rest/v1/ckms/usermanagement/roles/DS5000_new

Success response


Error response

{ "code": "CTGKM6002E", "message": "CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."}



Delete Role from User REST ServiceUse Delete Role from User REST Service to delete the assignment of a user role from a user.

OperationDELETE

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/rolesuser


Request




Request Parameters

Header name Value





Request Headers


roleName Specify the user role that you want to disassociate from a user.

userName Specify the user that has the assigned role.

Request Body


Response











Response Headers









Error Response Body


ExampleRemove a user role from a user

DELETE https://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/rolesgroup{"roleName":"DS5000_new","groupName":"DS5000_CUSTOM_GROUP"}

Success response


Error response




}

Delete Role from User Group REST ServiceUse Delete Role from User Group REST Service to remove a user role from a user group. Theuser role is not removed but is disassociated from the user group.

OperationDELETE

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/rolesgroup


Request




Request Parameters

Header name Value





Request Headers


roleName Specify the user role that you want to delete from the user group.

groupName Specify the user group from which you want to delete or disassociate therole.

Request Body


Response











Response Headers









Error Response Body


ExampleDelete a user role from a user group

DELETE https://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/rolesgroup{"roleName":"LTO_CUSTOM","groupName":"LTO_NEW"}

Success response


Error response




}

Delete User REST ServiceUse Delete User REST Service to delete a user and remove all its assigned user roles and usergroups.

OperationDELETE

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/users/{userName}


Request




Request Parameters

Header name Value





Request Headers


userName Specify the user name of the user that you want to delete.

Path Parameter


Response











Response Headers









Error Response Body


ExampleDelete a user

DELETE https://host:port/SKLM/rest/v1/ckms/usermanagement/users/LTOAdmin

Success response


Error response




Delete User from Group REST ServiceUse Delete User from Group REST Service to remove a user from a user group.

OperationDELETE

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groupuser


Request




Request Parameters

Header name Value





Request Headers


groupName Specify the name of the user group from which you want to remove theuser.

userName Specify the name of the user that you want to remove.

Request Body


Response











Response Headers









Error Response Body


ExampleRemove a user from a user group

DELETE https://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groupuser{"groupName":"DS5000_CUSTOM_GROUP","userName":"DS5000user"}

Success response


Error response




}

Delete User Group REST ServiceUse Delete User Group REST Service to delete a user group. The assigned users and user roles arenot deleted but are disassociated from the group.

OperationDELETE

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groups/{groupName}


Request




Request Parameters

Header name Value





Request Headers


groupName Specify the name of the user group that you want to delete.

Path parameter


Response











Response Headers









Error Response Body


ExampleDelete a user group

DELETE https://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groups/LTO_NEW

Success response


Error response




Get Roles REST ServiceUse Get Roles REST Service to retrieve a list of all the user roles in IBM Security Key LifecycleManager.

OperationGET

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/roles


Request




Request Parameters

Header name Value





Request Headers

Response







Response Headers






Response Headers (continued)


code Returns 0 when the request is successful. Otherwise, returns 1.

For every role, the following details are returned:

name Returns the name of the user role.

description Returns the description of the user role.

isDefault Indicates whether the user role and its associations are provided bydefault during product installation (return value = true) or added later bya user (return value = false).

You cannot modify or delete a default user role.






Error Response Body


ExamplesRetrieve list of all the user roles

GET https://host:port/SKLM/rest/v1/ckms/usermanagement/roles

Success response

[ { "name": "administrator", "description": "", "isDefault": true }, { "name": "operator", "description": "", "isDefault": true }, { "name": "configurator", "description": "", "isDefault": true }, { "name": "monitor", "description": "", "isDefault": true }, { "name": "deployer",



"description": "", "isDefault": true }, { "name": "adminsecuritymanager", "description": "", "isDefault": true }, { "name": "nobody", "description": "", "isDefault": true }, { "name": "iscadmins", "description": "", "isDefault": true }, { "name": "klmSecurityOfficer", "description": "", "isDefault": true }, { "name": "klmBackup", "description": "", "isDefault": true }, { "name": "klmConfigure", "description": "", "isDefault": true }, { "name": "klmRestore", "description": "", "isDefault": true }, { "name": "klmAudit", "description": "", "isDefault": true }, { "name": "klmView", "description": "", "isDefault": true }, { "name": "klmCreate", "description": "", "isDefault": true }, { "name": "klmModify", "description": "", "isDefault": true }, { "name": "klmDelete", "description": "", "isDefault": true }, { "name": "klmGet", "description": "", "isDefault": true }, { "name": "klmAdminDeviceGroup", "description": "", "isDefault": true }, { "name": "LTO", "description": "", "isDefault": true }, { "name": "TS3592", "description": "", "isDefault": true



}, { "name": "DS5000", "description": "", "isDefault": true }, { "name": "DS8000", "description": "", "isDefault": true }, { "name": "GENERIC", "description": "", "isDefault": true }, { "name": "BRCD_ENCRYPTOR", "description": "", "isDefault": true }, { "name": "ONESECURE", "description": "", "isDefault": true }, { "name": "suppressmonitor", "description": "", "isDefault": true }, { "name": "ETERNUS_DX", "description": "", "isDefault": true }, { "name": "IBM_SYSTEM_X_SED", "description": "", "isDefault": true }, { "name": "XIV", "description": "", "isDefault": true }, { "name": "GPFS", "description": "", "isDefault": true }, { "name": "PEER_TO_PEER", "description": "", "isDefault": true }, { "name": "DS8000_TCT", "description": "", "isDefault": true }, { "name": "klmClientUser", "description": "", "isDefault": true }, { "name": "klmFileTransfer", "description": "", "isDefault": true }, { "name": "LTO_CUSTOM", "description": "This is a new role created for the custom LTO group", "isDefault": false }, { "name": "DS5000_Custom", "description": "Role for DS500_custom device group", "isDefault": false }



]

Error response


Get Users REST ServiceUse Get Users REST Service to retrieve a list of all the users in IBM Security Key Lifecycle Manager.

OperationGET

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/users


Request




Request Parameters

Header name Value





Request Headers

Response











Response Headers



user Returns a comma-separated list of all the users.






Error Response Body


ExamplesRetrieve list of all the users

GET https://host:port/SKLM/rest/v1/ckms/usermanagement/users

Success response

[ "ds5000user", "sklmadmin", "ltouser"]

Error response




}

Get User Details REST ServiceUse Get User Details REST Service to retrieve details of a user such as the assigned roles andgroups.

OperationGET

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/users/{userName}


Request




Request Parameters

Header name Value





Request Headers


userName Specify the user name for which you want to retrieve the details.

Path parameter


Response











Response Headers



name Returns the name of the user.

description Returns the description of the user.

isDefault Indicates whether the user and its associations are provided by defaultduring product installation (return value = true) or added later by a user(return value = false).

You cannot modify or delete a default user.

roles Returns details of the user roles that are assigned to the user.

groups Returns details of the user groups to which the user belongs.






Error Response Body


ExampleGet details of a user

GET https://host:port/SKLM/rest/v1/ckms/usermanagement/users/LTOuser



Success response

{ "name": "ltouser", "isDefault": false, "roles": [ { "name": "monitor", "roleAssignment": "group", "groupName": "klmGUICLIAccessGroup", "isDefault": true }, { "name": "suppressmonitor", "roleAssignment": "group", "groupName": "klmGUICLIAccessGroup", "isDefault": true }, { "name": "klmConfigure", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmView", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmRestore", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmAudit", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmCreate", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "suppressmonitor", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmGet", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "LTO_CUSTOM", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "administrator", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmBackup", "roleAssignment": "group", "groupName": "LTO_CUSTOM_GROUP", "isDefault": false }, { "name": "klmDelete", "roleAssignment": "group",



"groupName": "LTO_CUSTOM_GROUP", "isDefault": false } ], "groups": [ { "name": "klmGUICLIAccessGroup", "isDefault": false }, { "name": "LTO_CUSTOM_GROUP", "description": "This is a new group created for the administering extended LTO device", "isDefault": false } ]}

Error response


Get User Role Details REST ServiceUse to retrieve details for a user role, such as role description, assigned users, and assigned groups.

OperationGET

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/roles/{roleName}


Request




Request Parameters

Header name Value





Request Headers

Response











Response Headers


roleName Specify the user role for which you want to retrieve the details.

Path parameter




name Returns the name of the user role.

description Returns the description of the user role.

isDefault Indicates whether the user role and its associations are provided bydefault during product installation (return value = true) or added later bya user (return value = false).

You cannot modify or delete a default user role.

groups Returns details of the associated user groups.

users Returns details of the associated users.






Error Response Body




ExampleRetrieve details for a user role

GET https://host:port/SKLM/rest/v1/ckms/usermanagement/roles/LTO_CUSTOM

Success response

{ "name": "LTO_CUSTOM", "description": "This is a new role created for the custom LTO group", "isDefault": false, "groups": [ { "name": "LTO_CUSTOM_GROUP", "description": "This is a new group created for the administering extended LTO device", "isDefault": false } ], "users": []}

Error response


Get User Groups REST ServiceUse Get User Groups REST Service to retrieve all the user groups in IBM Security Key LifecycleManager.

OperationGET

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groups


Request




Request Parameters

Header name Value




Request Headers



Header name Value


Request Headers (continued)

Response









Response Headers



For every user group, the following details are returned:

name Returns the name of the user group.

description Returns the description of the user group.

isDefault Indicates whether the user group and its associations are provided bydefault during product installation (return value = true) or added later bya user (return value = false).

You cannot modify or delete a default user group.

roles Returns details of the roles that are assigned to the user group.

users Returns details of the users that are assigned to the user group.





Error Response Body




Description


Error Response Body

JSON property name (continued)

ExamplesRetrieve list of all user groups

GET https://host:port/SKLM/rest/v1/ckms/usermanagement/groups

Success response

[ { "name": "klmGUICLIAccessGroup", "isDefault": true }, { "name": "klmSecurityOfficerGroup", "isDefault": true }, { "name": "LTOAdmin", "isDefault": true }, { "name": "LTOAuditor", "isDefault": true }, { "name": "LTOOperator", "isDefault": true }, { "name": "klmBackupRestoreGroup", "isDefault": true }, { "name": "LTO_CUSTOM_GROUP", "description": "This is a new group created for the administering extended LTO device", "isDefault": false }]

Error response


Get User Group Details REST ServiceUse Get User Group Details REST Service to retrieve details for a user group, such as assignedroles and assigned users.

OperationGET

URLhttps://<host>:<port >/SKLM/rest/v1/ckms/usermanagement/groups/{groupName}




Request




Request Parameters

Header name Value





Request Headers

Response









Response Headers







Description

name Returns the name of the user group.

description Returns the description of the user group.

isDefault Indicates whether the user group and its associations are provided bydefault during product installation (return value = true) or added later bya user (return value = false).

You cannot modify or delete a default user group.

roles Returns details of the roles that are assigned to the user group

users Returns details of the users that are assigned to the user group.


JSON property name (continued)




Error Response Body


ExampleRetrieve details of a user group

GET https://host:port/SKLM/rest/v1/ckms/usermanagement/groups/DS5000_CUSTOM_GROUP

Success response

{ "name": "DS5000_CUSTOM_GROUP", "description": "This group is created for administering DS5000 device groups", "isDefault": false, "roles": [ { "name": "DS5000_Custom", "description": "Role for DS500_custom device group", "isDefault": false } ], "users": [ { "name": "ds5000user", "isDefault": false } ]}

Error response




Update Role REST ServiceUse Update Role REST Service to modify a user role. You can modify the name and description of auser role.

OperationPUT

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/roles/{oldRoleName}


Request




Request Parameters

Header name Value





Request Headers


oldRoleName Specify the name of the role that you want to modify.

Path parameter



newRoleName Specify a new name for the user role.

description Specify a description for the user role.

Request Body


Response











Response Headers









Error Response Body


ExampleModify a user role

PUT https://9.199.138.167:9443/SKLM/rest/v1/ckms/usermanagement/roles/DS5000_Custom{"newRoleName":"DS5000_new","description":"test change"}

Success response


Error response

{ "code": "CTGKM5004E", "message": "CTGKM5004E Object with the same name DS5000_new already exists."}



Update User Group REST ServiceUse Update User Group REST Service to modify an existing user group. You can modify the nameand description of a user group.

OperationPUT

URLhttps://<host>:<port>/SKLM/rest/v1/ckms/usermanagement/groups/{oldGroupName}


Request




Request Parameters

Header name Value





Request Headers


oldGroupName Specify the name of the user group that you want to modify.

Path parameter



newGroupName Specify the new name for the user group.

description Specify a description for the user group that you want to modify.

Request Body


Response











Response Headers









Error Response Body


ExampleModify a user group

PUT https://host:port/SKLM/rest/v1/ckms/usermanagement/groups/LTO_CUSTOM_GROUP{"newGroupName":"LTO_NEW","description":"changing group name"}

Success response


Error response

{ "code": "CTGKM5004E", "message": "CTGKM5004E Object with the same name DS5000_Custom already exists."}



Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer theproducts, services, or features discussed in this document in other countries. Consult your local IBMrepresentative for information on the products and services currently available in your area. Any referenceto an IBM product, program, or service is not intended to state or imply that only that IBM product,program, or service may be used. Any functionally equivalent product, program, or service that does notinfringe any IBM intellectual property right may be used instead. However, it is the user's responsibility toevaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document.The furnishing of this document does not give you any license to these patents. You can send licenseinquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle Drive, MD-NC119Armonk, NY 10504-1785 US

For license inquiries regarding double-byte character set (DBCS) information, contact the IBM IntellectualProperty Department in your country or send inquiries, in writing, to:

Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan, Ltd.19-21, Nihonbashi-Hakozakicho, Chuo-kuTokyo 103-8510, Japan

The following paragraph does not apply to the United Kingdom or any other country where suchprovisions are inconsistent with local law :

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS"WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITEDTO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR APARTICULAR PURPOSE.

Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions,therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodicallymade to the information herein; these changes will be incorporated in new editions of the publication.IBM may make improvements and/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not inany manner serve as an endorsement of those Web sites. The materials at those Web sites are not part ofthe materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate withoutincurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) theexchange of information between independently created programs and other programs (including thisone) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Director of LicensingIBM CorporationNorth Castle Drive, MD-NC119Armonk, NY 10504-1785

© Copyright IBM Corp. 2008, 2020 43


US

Such information may be available, subject to appropriate terms and conditions, including in some casespayment of a fee.

The licensed program described in this document and all licensed material available for it are provided byIBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or anyequivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, theresults obtained in other operating environments may vary significantly. Some measurements may havebeen made on development-level systems and there is no guarantee that these measurements will bethe same on generally available systems. Furthermore, some measurement may have been estimatedthrough extrapolation. Actual results may vary. Users of this document should verify the applicable datafor their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, theirpublished announcements or other publicly available sources. IBM has not tested those products andcannot confirm the accuracy of performance, compatibility or any other claims related to non-IBMproducts. Questions on the capabilities of non-IBM products should be addressed to the suppliers ofthose products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal withoutnotice, and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are subject to change withoutnotice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject to change before theproducts described become available.

This information contains examples of data and reports used in daily business operations. To illustratethem as completely as possible, the examples include the names of individuals, companies, brands, andproducts. All of these names are fictitious and any similarity to the names and addresses used by anactual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programmingtechniques on various operating platforms. You may copy, modify, and distribute these sample programsin any form without payment to IBM, for the purposes of developing, using, marketing or distributingapplication programs conforming to the application programming interface for the operating platformfor which the sample programs are written. These examples have not been thoroughly tested underall conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of theseprograms. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not beliable for any damages arising out of your use of the sample programs.

Each copy or any portion of these sample programs or any derivative work, must include a copyrightnotice as follows:© (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. ©Copyright IBM Corp. _enter the year or years_.

If you are viewing this information in softcopy form, the photographs and color illustrations might not bedisplayed.

Terms and conditions for product documentationPermissions for the use of these publications are granted subject to the following terms and conditions.Applicability

These terms and conditions are in addition to any terms of use for the IBM website.



Personal useYou may reproduce these publications for your personal, noncommercial use provided that allproprietary notices are preserved. You may not distribute, display or make derivative work of thesepublications, or any portion thereof, without the express consent of IBM.

Commercial useYou may reproduce, distribute and display these publications solely within your enterprise providedthat all proprietary notices are preserved. You may not make derivative works of these publications,or reproduce, distribute or display these publications or any portion thereof outside your enterprise,without the express consent of IBM.

RightsExcept as expressly granted in this permission, no other permissions, licenses or rights are granted,either express or implied, to the publications or any information, data, software or other intellectualproperty contained therein.IBM reserves the right to withdraw the permissions granted herein whenever, in its discretion, the useof the publications is detrimental to its interest or, as determined by IBM, the above instructions arenot being properly followed.You may not download, export or re-export this information except in full compliance with allapplicable laws and regulations, including all United States export laws and regulationsIBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE PUBLICATIONS. THE PUBLICATIONSARE PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED ORIMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.

TrademarksIBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International BusinessMachines Corp., registered in many jurisdictions worldwide. Other product and service names might betrademarks of IBM or other companies. A current list of IBM trademarks is available on the web at http://www.ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks ortrademarks of Adobe Systems Incorporated in the United States, other countries, or both.

IT Infrastructure Library is a registered trademark of the Central Computer and TelecommunicationsAgency which is now part of the Office of Government Commerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon,Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation orits subsidiaries in the United States and other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in theUnited States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of the Office of GovernmentCommerce, and is registered in the U.S. Patent and Trademark Office.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/orits affiliates.

Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, othercountries, or both and is used under license therefrom.

Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. andQuantum in the U.S. and other countries.

Notices 45

http://www.ibm.com/legal/copytrade.shtml

http://www.ibm.com/legal/copytrade.shtml




IBM®

Product Number:

IBM Confidential

Documents

Version 4.1 Containerized IBM Security Key Lifecycle · 2020. 4. 27. · IBM Conﬁdential DRAFT - NOT FOR PUBLICATION Chapter 1. User management REST services You can use the user