An SDI Key is a key managed by the NICI Security Domain Infrastructure. It is created when the first NcpServer is installed. If the tree already contains a Security Domain Infrastructure, the server instead retrieves the SDI Key from the Key servers during the server installation.
Access to SDI Keys is governed by eDirectory permissions and attributes. There is a specific set of permissions and attributes that allow a server to create and distribute an SDI Key.
A server with this set of rights and attributes is known as a Key server. There is a different set of permissions and attributes that allows a server to acquire keys from a Key server.
NICISDI can manage multiple keys of varying cryptographic strengths and algorithms. Each SDI Key can have a different Security Domain and is controlled by the eDirectory rights and attributes of the eDirectory object representing the SDI key, known as the SDI key object:
SDI Keys are not intended for clients.
The Key server's job is to hand out the SDI Key to other NcpServers in the tree (Security Domain Infrastructure).