XKMS
Encyclopedia
XML Key Management Specification (XKMS) uses the web service
s framework to make it easier for developers to secure inter-application communication using public key infrastructure
(PKI). XML
Key Management Specification is a protocol developed by W3C which describes the distribution and registration of public keys. Services can access an XKMS compliant server
in order to receive updated key information for encryption
and authentication.
XKISS: XML Key Information Service Specification
XKRSS: XML Key Registration Service Specification
The XKISS service specification is concerned with management of the public component of a public key pair. The XKRSS is concerned with management of private keys.
In both cases the goal of XKMS is to allow all the complexity of traditional PKI implementations to be offloaded from the client to an external service. While this approach was originally suggested by Diffie and Hellman in their New Directions paper this was generally considered impractical at the time leading to commercial development focusing on the certificate based approach proposed by Loren Kohnfelder
.
. The architectural approach is closely related to the MIT PGP Key server originally created and maintained by Brian LaMacchia. The realization in XML is closely related to SAML
, the first edition of which was also edited by Hallam-Baker.
At the time XKMS was proposed no security infrastructure was defined for the then entirely new SOAP
protocol for Web Services. As a result a large part of the XKMS specification is concerned with the definition of security 'bindings' for specific Web Services protocols.
Web service
A Web service is a method of communication between two electronic devices over the web.The W3C defines a "Web service" as "a software system designed to support interoperable machine-to-machine interaction over a network". It has an interface described in a machine-processable format...
s framework to make it easier for developers to secure inter-application communication using public key infrastructure
Public key infrastructure
Public Key Infrastructure is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate...
(PKI). XML
XML
Extensible Markup Language is a set of rules for encoding documents in machine-readable form. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications, all gratis open standards....
Key Management Specification is a protocol developed by W3C which describes the distribution and registration of public keys. Services can access an XKMS compliant server
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
in order to receive updated key information for encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
and authentication.
Architecture
XKMS consists of two parts:XKISS: XML Key Information Service Specification
XKRSS: XML Key Registration Service Specification
The XKISS service specification is concerned with management of the public component of a public key pair. The XKRSS is concerned with management of private keys.
In both cases the goal of XKMS is to allow all the complexity of traditional PKI implementations to be offloaded from the client to an external service. While this approach was originally suggested by Diffie and Hellman in their New Directions paper this was generally considered impractical at the time leading to commercial development focusing on the certificate based approach proposed by Loren Kohnfelder
Loren Kohnfelder
Loren Kohnfelder is best known for his MIT S.B. thesis written in May 1978 describing a practical means of applying public key cryptography to secure network communications....
.
Development history
The team that developed the original XKMS proposal submitted to the W3C included Warwick Ford, Phillip Hallam-Baker (editor) and Brian LaMacchiaBrian LaMacchia
Brian A. LaMacchia is a computer security specialist.LaMacchia is best known for his work at the Massachusetts Institute of Technology establishing the MIT PGP Key Server, the first key centric PKI implementation to see widescale use....
. The architectural approach is closely related to the MIT PGP Key server originally created and maintained by Brian LaMacchia. The realization in XML is closely related to SAML
SAML
Security Assertion Markup Language is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider...
, the first edition of which was also edited by Hallam-Baker.
At the time XKMS was proposed no security infrastructure was defined for the then entirely new SOAP
SOAP
SOAP, originally defined as Simple Object Access Protocol, is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks...
protocol for Web Services. As a result a large part of the XKMS specification is concerned with the definition of security 'bindings' for specific Web Services protocols.
See also
- XML SignatureXML SignatureXML Signature defines an XML syntax for digital signatures and is defined in the W3C recommendation . Functionally, it has much in common with PKCS#7 but is more extensible and geared towards signing XML documents...
and XML EncryptionXML EncryptionXML Encryption, also known as XML-Enc, is a specification, governed by a W3C recommendation, that defines how to encrypt the contents of an XML element....
, two other W3C standards used by the XKMS protocol.