Doma - I need your wisdom ....
Let's assume for a second that an enterprise (a large business) has TPM PCs all over their building(s), and it also has an Embassy Trust Server (or two) performing all of the Utility functions described in the 3-pager for a company.
Wouldn't the ETS database housing knowledge of all of the different trusted user workstations (and/or mobile TPMs) within the network, have to also maintain the underlying association of the assigned credentials (permissions), and would that be maintained by user or by workstation? That's the first question.
Since there must be some record of these credential assignments and keys maintained outside of each PC (TPM) ~ otherwise how would you be able to recover, transition, or disable ~ would that not by default make this ETS database the trusted network's asset database of record (DBOR)?
And, would that not further imply that there is a whole set of management utilities associated with this DBOR, or that would need to exist, for things like adding a new user, disabling old users, assigning/changing accessible (permissioned) software stacks, etc.?
Am I making any sense?
T123