XKMS

From Wikipedia, the free encyclopedia

XML Key Management Specification (XKMS) utilises the web services framework to make it easier for developers to secure inter-application communication using public key infrastructure (PKI). XML Key Management Specification is a protocol developed by W3C which describes the distribution and registration of public keys. Services can access an XKMS compliant server in order to receive updated key information for encryption and authentication.

Contents

[edit] Architecture

XKMS consists of two parts:

XKISS
XML Key Information Service Specification
XKRSS
XML Key Registration Service Specification

The XKISS service specification is concerned with management of the public component of a public key pair. The XKRSS is concerned with management of private keys.

In both cases the goal of XKMS is to allow all the complexity of traditional PKI implementations to be offloaded from the client to an external service. While this approach was originally suggested by Diffie and Hellman in their New Directions paper this was generally considered impractical at the time leading to commercial development focusing on the certificate based approach proposed by Loren Kohnfelder.

[edit] Development history

The team that developed the original XKMS proposal submitted to the W3C included Warwick Ford, Phillip Hallam-Baker (editor) and Brian LaMacchia. The architectural approach is closely related to the MIT PGP Key server originally created and maintained by Brian LaMacchia. The realization in XML is closely related to SAML, the first edition of which was also edited by Hallam-Baker.

At the time XKMS was proposed no security infrastructure was defined for the then entirely new SOAP protocol for Web Services. As a result a large part of the XKMS specification is concerned with the definition of security 'bindings' for specific Web Services protocols.

[edit] See also

[edit] External links

In other languages