IEEE P1619.3 Plan for 2010
Matt Ball, IEEE Security in Storage Working Group Chair
Walt Hubis, IEEE P1619.3 Task Group Chair
Version 1 — January 19, 2010
This document describes the plans for the IEEE P1619.3 Task Group for the 2010 calendar year.
The IEEE P1619.3 Task Group was formed in February 2007, with the following Title, Scope, and Purpose:
Title: Draft Standard for Key Management Infrastructure for Cryptographic Protection of Stored Data
Scope: This standard specifies an architecture for the key management infrastructure for cryptographic protection of stored data, describing interfaces, methods and algorithms.
Purpose: This standard defines methods for the storage, management, and distribution of cryptographic keys used for the protection of stored data. This standard augments existing key management methodologies to address issues specific to cryptographic protection of stored data. This includes stored data protected by compliant implementations of other standards in the IEEE 1619 family.
In early 2009, a consortium brought forward the "Key Management Interoperability Protocol" (KMIP) into the OASIS standards organization. This new standard has much in common with the scope and purpose of P1619.3. Many people have asked whether P1619.3 is still relevant with the presence of OASIS KMIP. We believe the answer is "yes".
Overall, the existence of KMIP has benefitted the P1619.3 effort because it is now possible to leverage the KMIP standard, which (as of January 2010) is in public review and nearly complete, as the basis for the low-level key management functions, and to position P1619.3 as a KMIP profile with enterprise-class additions that make it suitable for key management in a storage encryption environment.
In reviewing KMIP, the P1619.3 task group plans to enhance KMIP with the following extensions:
Currently, the P1619.3 PAR (Project Authorization Request) is set to expire on December 31, 2011, so we have almost 2 years left to complete the project and deliver the draft to IEEE. This should be enough time to complete the remaining work; if not, it is possible to get a 1-2 year extension.
Many members of P1619.3 are also members of OASIS KMIP, and the previous push was to get the KMIP 1.0 specification out to public review. Now that KMIP 1.0 is in public review, P1619.3 members have more time to focus on completing P1619.3.
Here is a strawman schedule for completing P1619.3 by the end of 2010:
· January 2010: Decide as a group what will go into P1619.3 (this document)
· February 2010: Complete high priority action items for KMIP and Specification integration.
· March 2010: Complete XML mapping of KMIP binary protocol
· April 2010: Complete Enrollment and Discovery protocol
· May 2010: XML-based key backup definition
· June 2010: Complete specification initial draft
· July 2010: Start Sponsor Ballot
· Oct 2010: Complete Sponsor Ballot and submit to IEEE
· Dec 2010: IEEE approves standard
· June 2011: IEEE publishes standard (typical 6-month delay between approval and publication)