The OASIS Cover Pages: The Online Resource for Markup Language Technologies
Created: March 30, 2001.

W3C Publishes XML Key Management Specification (XKMS).

The W3C has acknowledged receipt of a submission from VeriSign, Microsoft, webMethods, Baltimore Technologies, Citigroup, Hewlett-Packard, IBM, IONA Technologies, PureEdge, and Reuters Limited for the XML Key Management Specification (XKMS). The document "specifies protocols for distributing and registering public keys, suitable for use in conjunction with the proposed standard for XML Signature developed by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) and an anticipated companion standard for XML encryption. The XML Key Management Specification (XKMS) comprises two parts -- the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS). The X-KISS specification defines a protocol for a Trust service that resolves public key information contained in XML-SIG elements. The X-KISS protocol allows a client of such a service to delegate part or all of the tasks required to process <ds:KeyInfo> elements. A key objective of the protocol design is to minimize the complexity of application implementations by allowing them to become clients and thereby shielded from the complexity and syntax of the underlying PKI used to establish trust relationships. These may be based upon a different specification such as X.509/PKIX, SPKI or PGP. The X-KRSS specification defines a protocol for a web service that accepts registration of public key information. Once registered, the public key may be used in conjunction with other web services including X-KISS. Both protocols are defined in terms of structures expressed in the XML Schema Language, protocols employing the Simple Object Application Protocol (SOAP) v1.1 and relationships among messages defined by the Web services Definition Language v1.0 (WSDL)."

Bibliographic information: XML Key Management Specification (XKMS). [http://www.w3.org/TR/2001/NOTE-xkms-20010330/] W3C Note 30-March-2001. Edited by Warwick Ford, VeriSign; Phillip Hallam-Baker, VeriSign; Barbara Fox, Microsoft; Blair Dillaway, Microsoft; Brian LaMacchia, Microsoft; Jeremy Epstein, webMethods; Joe Lapp, webMethods. Latest version URL: http://www.w3.org/TR/xkms/.

The submission represents a suggestion for message packaging appropriate to the W3C XML Activity on XML Protocols. The authors suggested in the submission "that the Consortium publish the document as a W3C Technical Note and hold a workshop to discuss the submission with a view to forming a working group to develop a standard based on the specification; the submitters intend to participate in such a workshop and working group." Comments on the specification may be sent to W3C's public mailing list 'xkms@w3.org'; see the 'xml-dist-ap' archives; the "forum is for discussion of XML in distributed applications, network protocols, and messaging systems."

From the staff comment: "The XML Signature specification purposefully avoided questions of key trust-worthiness. While the signature specification did define a few XML structures for common key types (e.g., DSAKeyValue, X509, etc.), these structures are optional and have no effect on signature validity. Questions of trust, including confidence in a key, were out of scope of XML Signature, as it is for XML Encryption. However, these questions about trust are critical to secure XML applications and protocols; XKMS addresses these issues in two parts: X-KISS and X-KRSS. First, the X-KISS specification defines a protocol for a Trust service that resolves the public key information contained in an XML Signature or Encryption element. This permits a client to delegate part or all of the tasks required to process key information. This delegation is useful in that a light-weight, XML only client, can delegate the processing of other formats (ASN1 encoded certificates) and their semantics (X509 semantics and path validation rules) to an external service. Second, the X-KRSS specification defines a protocol for a web service that accepts registration of public key information. Once registered, the public key may be used in conjunction with other web services including X-KISS. This submission will be referred to the attention of the XML Protocol, the XML Signature, and the XML Encryption Working Groups' email lists for the reasons stated above. We will also investigate integration with logic as a language of trust layered on RDF, one of the advanced technology development items in the Semantic Web Activity."

Document URI: http://xml.coverpages.org/ni2001-03-30-b.html
Robin Cover, Editor: robin@oasis-open.org