The W3C has acknowledged receipt of a submission from VeriSign, Microsoft, webMethods, Baltimore Technologies, Citigroup, Hewlett-Packard, IBM, IONA Technologies, PureEdge, and Reuters Limited for the XML Key Management Specification (XKMS). The document "specifies protocols for distributing and registering public keys, suitable for use in conjunction with the proposed standard for XML Signature developed by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) and an anticipated companion standard for XML encryption. The XML Key Management Specification (XKMS) comprises two parts -- the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS). The X-KISS specification defines a protocol for a Trust service that resolves public key information contained in XML-SIG elements. The X-KISS protocol allows a client of such a service to delegate part or all of the tasks required to process <ds:KeyInfo> elements. A key objective of the protocol design is to minimize the complexity of application implementations by allowing them to become clients and thereby be shielded from the complexity and syntax of the underlying PKI used to establish trust relationships. These may be based upon a different specification such as X.509/PKIX, SPKI or PGP. The X-KRSS specification defines a protocol for a web service that accepts registration of public key information. Once registered, the public key may be used in conjunction with other web services including X-KISS. Both protocols are defined in terms of structures expressed in the XML Schema Language, protocols employing the Simple Object Application Protocol (SOAP) v1.1 and relationships among messages defined by the Web services Definition Language v1.0 (WSDL)."
Bibliographic information: XML Key Management Specification (XKMS). [http://www.w3.org/TR/2001/NOTE-xkms-20010330/] W3C Note 30-March-2001. Edited by Warwick Ford, VeriSign; Phillip Hallam-Baker, VeriSign; Barbara Fox, Microsoft; Blair Dillaway, Microsoft; Brian LaMacchia, Microsoft; Jeremy Epstein, webMethods; Joe Lapp, webMethods. Latest version URL: http://www.w3.org/TR/xkms/.
The submission represents a suggestion for message packaging appropriate to the W3C XML Activity on XML Protocols. The authors suggested in the submission "that the Consortium publish the document as a W3C Technical Note and hold a workshop to discuss the submission with a view to forming a working group to develop a standard based on the specification; the submitters intend to participate in such a workshop and working group." Comments on the specification may be sent to W3C's public mailing list 'xkms@w3.org'; see also the 'xml-dist-app' archives, a list whose stated purpose is "discussion of XML in distributed applications, network protocols, and messaging systems."
From the staff comment: "The XML Signature specification purposefully avoided questions of key trust-worthiness. While the signature specification did define a few XML structures for common key types (e.g., DSAKeyValue, X509, etc.), these structures are optional and have no effect on signature validity. Questions of trust, including confidence in a key, were out of scope of XML Signature, as they are for XML Encryption. However, these questions about trust are critical to secure XML applications and protocols; XKMS addresses these issues in two parts: X-KISS and X-KRSS. First, the X-KISS specification defines a protocol for a Trust service that resolves the public key information contained in an XML Signature or Encryption element. This permits a client to delegate part or all of the tasks required to process key information. This delegation is useful in that a light-weight, XML-only client can delegate the processing of other formats (ASN.1-encoded certificates) and their semantics (X509 semantics and path validation rules) to an external service. Second, the X-KRSS specification defines a protocol for a web service that accepts registration of public key information. Once registered, the public key may be used in conjunction with other web services including X-KISS. This submission will be referred to the attention of the XML Protocol, the XML Signature, and the XML Encryption Working Groups' email lists for the reasons stated above. We will also investigate integration with logic as a language of trust layered on RDF, one of the advanced technology development items in the Semantic Web Activity."
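As an added illustration of the delegation model the staff comment describes (not code from the submission, and not the XKMS message schema): a lightweight, XML-only client lifts the ds:KeyInfo out of a signature and hands it to a trust service, which holds the bindings registered with it and answers with a status. The service interface, the in-process registry and the status strings are assumed stand-ins; only the xmldsig namespace and the ds:KeyInfo/ds:KeyName elements are real.

```python
# Added illustration of X-KISS style delegation (not the XKMS schema; names assumed).
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace

class TrustService:
    """Stand-in trust service holding registered key bindings (constructed)."""

    def __init__(self):
        self._bindings = {}  # KeyName -> (public key, status)

    def register(self, name, public_key):
        # X-KRSS role: accept registration of public key information.
        self._bindings[name] = (public_key, "Valid")

    def revoke(self, name):
        # Later registration update: the binding stays known but is no longer valid.
        if name in self._bindings:
            self._bindings[name] = (self._bindings[name][0], "Invalid")

    def resolve(self, keyinfo_xml):
        # X-KISS role: interpret a ds:KeyInfo on behalf of the client.
        root = ET.fromstring(keyinfo_xml)
        if root.tag != f"{{{DS}}}KeyInfo":
            raise ValueError("not a ds:KeyInfo element")
        name_el = root.find(f"{{{DS}}}KeyName")
        if name_el is None or name_el.text not in self._bindings:
            return {"status": "Indeterminate", "key": None}
        key, status = self._bindings[name_el.text]
        return {"status": status, "key": key if status == "Valid" else None}

def extract_keyinfo(signed_xml):
    """XML-only client step: lift ds:KeyInfo out of the signature untouched."""
    keyinfo = ET.fromstring(signed_xml).find(f".//{{{DS}}}KeyInfo")
    if keyinfo is None:
        raise ValueError("signature carries no ds:KeyInfo")
    return ET.tostring(keyinfo, encoding="unicode")

def client_trust_decision(signed_xml, service):
    """Delegate KeyInfo processing; use the key only when the service says Valid."""
    result = service.resolve(extract_keyinfo(signed_xml))
    return result["status"] == "Valid", result["key"]

# Constructed sample: a ds:Signature whose KeyInfo names a registered key.
SAMPLE_SIGNATURE = (
    f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo/><ds:SignatureValue/>'
    "<ds:KeyInfo><ds:KeyName>alice@example.com</ds:KeyName></ds:KeyInfo>"
    "</ds:Signature>"
)
```

The client never touches certificate formats or path validation; an "Indeterminate" answer is treated exactly like "Invalid", so an unknown binding never yields a usable key.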
Principal references:
- XML Key Management Specification (XKMS)
- Submission request
- W3C staff comment. By Joseph Reagle, Team Contact for the XML Signature and XML Encryption Working Groups
- W3C XML Protocol Working Group
- "XML Key Management Specification (XKMS)" - Main reference page.
- "XML Digital Signature (Signed XML - IETF/W3C)" - Main reference page.