XKMS
   HOME

TheInfoList



Click Here for Items Related To - XKMS
OR:
XKMS on:   [Wikipedia]   [Google]   [Amazon]

XML Key Management Specification (XKMS) uses the web services framework to make it easier for developers to secure inter-application communication using
public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilit ...
(PKI).
XML Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. T ...
Key Management Specification is a protocol developed by
W3C The World Wide Web Consortium (W3C) is the main international standards organization for the World Wide Web. Founded in 1994 and led by Tim Berners-Lee, the consortium is made up of member organizations that maintain full-time staff working to ...
which describes the distribution and registration of public keys. Services can access an XKMS compliant
server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...
in order to receive updated key information for
encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...
and authentication.


Architecture

XKMS consists of two parts: ;X-KISS: XML Key Information Service Specification ;X-KRSS: XML Key Registration Service Specification The X-KRSS defines the protocols needed to register public key information. X-KRSS can generate the key material, making key recovery easier than when created manually. The X-KISS outlines the syntax that applications should use to delegate some or all of the tasks needed to process the key information element of an XML signature to a trust service. In both cases the goal of XKMS is to allow all the complexity of traditional PKI implementations to be offloaded from the client to an external service. While this approach was originally suggested by Diffie and Hellman in their New Directions paper this was generally considered impractical at the time leading to commercial development focusing on the certificate based approach proposed by
Loren Kohnfelder Loren Kohnfelder invented what is today called public key infrastructure (PKI) in his May 1978 MIT S.B. (BSCSE) thesis, which described a practical means of using public key cryptography to secure network communications. The Kohnfelder thesis intr ...
.


Development history

The team that developed the original XKMS proposal submitted to the W3C included
Warwick Ford Warwick ( ) is a market town, civil parish and the county town of Warwickshire in the Warwick District in England, adjacent to the River Avon. It is south of Coventry, and south-east of Birmingham. It is adjoined with Leamington Spa and Whit ...
,
Phillip Hallam-Baker Phillip Hallam-Baker is a computer scientist, mostly known for contributions to Internet security, since the design of HTTP at CERN in 1992. Self-employed since 2018 as a consultant and expert witness in court cases, he previously worked at Comodo ...
(editor) and
Brian LaMacchia Brian A. LaMacchia is a computer security specialist. LaMacchia was a Distinguished Engineer at Microsoft and headed the Security and Cryptography team within Microsoft Research (MSR). His team’s main project was the development of quantum-resis ...
. The architectural approach is closely related to the MIT PGP Key server originally created and maintained by Brian LaMacchia. The realization in XML is closely related to
SAML Security Assertion Markup Language (SAML, pronounced ''SAM-el'', ) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based m ...
, the first edition of which was also edited by Hallam-Baker. At the time XKMS was proposed no security infrastructure was defined for the then entirely new
SOAP Soap is a salt of a fatty acid used in a variety of cleansing and lubricating products. In a domestic setting, soaps are surfactants usually used for washing, bathing, and other types of housekeeping. In industrial settings, soaps are use ...
protocol for Web Services. As a result, a large part of the XKMS specification is concerned with the definition of security 'bindings' for specific Web Services protocols.


See also

*
XML Signature XML Signature (also called ''XMLDSig'', ''XML-DSig'', ''XML-Sig'') defines an XML syntax for digital signatures and is defined in the W3C recommendationbr>XML Signature Syntax and Processing Functionally, it has much in common with PKCS #7 but is ...
and
XML Encryption XML Encryption, also known as XML-Enc, is a specification, governed by a W3C recommendation, that defines how to encrypt the contents of an XML element. Although XML Encryption can be used to encrypt any kind of data, it is nonetheless known as "XM ...
, two other W3C standards used by the XKMS protocol.


External links


XKMS at SQLDataXKMS at the W3C
Cryptographic protocols Computer network security Cryptography standards XML-based standards