At the RSA Conference 2001 (San Francisco, April 8 - 12), a "groundswell of industry support for the XKMS specification" was interpreted as a mandate for a second-generation PKI [Public Key Infrastructure] Standard. VeriSign, Microsoft, webMethods, Baltimore Technologies, Hewlett-Packard Company, International Business Machines Corp., IONA, PureEdge, and Reuters all offered endorsements for the XML Key Management Specification (XKMS), recently accepted as a submission by W3C. VeriSign introduced its '2nd-Generation XML toolkit' as a public key infrastructure (PKI) service; Entrust Technologies announced a 'Web Services Trust Framework' for trust relationship management along with a new XML-based solution for smart card manufacturing.
The XKMS specification "revolutionizes the development of trusted applications by introducing an open framework that enables virtually any developer to easily incorporate trust services directly into the application. Currently, developers must enable desktop and e-commerce applications to handle digital keys for authentication and digital signatures via the use of toolkits offered by a range of software vendors. Functions such as digital certificate processing, revocation status checking and certification path location and validation do not always interoperate with all vendors' PKI offerings. With the new XKMS specification, those functions instead reside in servers that can be accessed via easily programmed XML messages. By deploying applications within the XKMS framework, enterprises can gain broad interoperability, rapid time-to-market, significant cost savings, and scalability across intranet, extranet, and Internet commerce applications - benefits unattainable with proprietary PKI software. XKMS is compatible with the emerging standard for XML digital signatures. Designed to be implemented as a Web service, XKMS is built upon Web Services Description Language (WSDL) and Simple Object Access Protocol (SOAP). It is anticipated that future versions of the XKMS specification will be compatible with XML encryption and XML protocol."
VeriSign has introduced its "2nd-Generation XML toolkit" - A "next-generation public key infrastructure (PKI) service enables enterprises to delegate critical yet complex functions such as key management and validation to VeriSign's carrier-class trust infrastructure. Based on the industry-supported XKMS specification, this service moves functions such as digital certificate processing, revocation status checking, and certification path location and validation - previously built into applications via proprietary toolkits - to the network, making them easily accessible via standard XML interfaces. The XKMS architecture provides a complete framework for ensuring broad interoperability across applications developed by enterprises, B2B exchanges regardless of the PKI systems used within these Internet communities of interest. VeriSign also announced (1) User Provisioning Services: a trusted managed service which enables businesses to automate the increasingly complex process of connecting employees, business partners and customers to the internal and external information resources they need; (2) Enhanced Entitlements: Entitlements Management Service has now been enhanced to incorporate the company's 'Trust Assertion Framework', which is tracking the Security Assertion Markup Language (SAML) standardization activity in the OASIS forum; (3) Trade Settlement: services which capitalize on the companies' leadership in the online payments arena by integrating VeriSign's managed digital certificate and entitlements services with SurePay's patent-pending end-to-end payment solutions."
Entrust "announced the availability of its Entrust/DeviceConnector product, the company's new XML-based solution for smart card manufacturing. It is the industry's first commercial product to deliver XML-based trust services. It allows smart card manufacturers to streamline and automate the issuance of digital certificates, extending trust to smart card-based mobile phones and banking cards... Entrust's Device Connector XML Interface (DCXI) is the protocol that governs the communication between the Entrust/DeviceConnector product and the CMS. As part of the Entrust Web Services Trust Framework initiative, Entrust Technologies, with its smart card manufacturing partners, plans to extend the DCXI interface to leverage the XKMS standards initiatives. Entrust Technologies plans to include the advanced functionality required by smart card manufacturers into the XKMS standard and include it in future versions of the product."
Principal references:
- Announcement: "VeriSign, Microsoft & webMethods, Joined by Baltimore Technologies, HP, IBM, IONA, PureEdge and Reuters, Announce Industry Support for Second-Generation PKI Standard. XKMS Specification Acknowledged by World Wide Web Consortium (W3C), Paving the Way for Interoperability of PKI Solutions, Digital Signatures and Encryption." Source also from VeriSign, webMethods and Microsoft.
- Announcement: "VeriSign Introduces Next-Generation Internet Trust Services. New User Provisioning, 2nd Generation PKI, Enhanced Entitlement and Trade Settlement Services All Designed to Move Complexity to the Network Infrastructure."
- Announcement: "Entrust Technologies Announces New Web Services Trust Framework For Trust Relationship Management. Entrust Technologies Plays Leading Role in Developing Next Generation of XML Trust for Web Services."
- Announcement: "Entrust Unveils Industry's First Commercial Product to Deliver XML-Based Trust Services. World's Leading Smart Card Manufacturers Adopt Entrust/DeviceConnector to Deliver Scalability, Interoperability and Efficiency to their Smart Card Management Systems."
- XML Trust Center - XKMS
- XKMS Java Client Software Development Kit
- W3C Publishes XML Key Management Specification (XKMS)
- "XML Key Management Specification (XKMS)" - Main reference page.