Protecting Resources

Protecting Resources

Some REST API actions can lead to destructive outcomes. For example:

• HSM zeroization: all partitions and cryptographic material is destroyed
• apply destructive policy setting: all cryptographic material is destroyed
• exceeding last login attempt: all cryptographic material is destroyed
• applying destructive HSM capability update: all cryptographic material is destroyed

To provide an application with a measure of control over actions of this kind, the REST API has a process to protect accessing destructive resources. This two-step process is as follows:

• First, the application requests the destructive resource. This action creates a suspended (WAITING) task.
• Next, the application "kick-starts" the task so that it can run and complete the destructive process.

An application does the kick-start via a task actions resource called “start" as shown by the following prototype:

    POST /tasks/{taskid}/actions/start

Additionally, the REST API has another resource to list all task actions:

   GET /tasks/{taskid}/actions

As an example, the following list show the steps to zeroize an HSM:

• Log into REST
• Log into HSM
• POST /api/lunasa/hsms/{hsmid}/actions/zeroize
• Returned is a task object referenced by /tasks/{taskid}
• GET /tasks/{taskid} and confirm the task is in WAITING (suspended) state
• POST /tasks/{taskid}/actions/start to continue the zeroization
• GET /tasks/{taskid} to confirm the task is in FINISHED or ERROR state
• GET /tasks/{taskid}/response to obtain the output of the zeroization resource