Key Management Interoperability Protocol (KMIP) TC
[Source: See the announcement source URIs for plain text version of this linked HTML hypertext document. In addition to added links, this text provides glosses for acronyms (supplied by the TC charter editor), and some post-proposal information about the TC Convenor Call, Proposed Charter Feedback, etc. Note: Updated information is published in the KMIP TC Charter and Call for Participation, March 04, 2009.]
Proposed Charter for OASIS Key Management Interoperability Protocol (KMIP) TC
Date: Thu, 12 Feb 2009 09:33:09 -0500
From: Mary McRae <email@example.com>
To: firstname.lastname@example.org, email@example.com
Cc: firstname.lastname@example.org
Subject: Proposed Charter for OASIS Key Management Interoperability Protocol (KMIP) TC
To OASIS Members
A draft TC charter has been submitted to establish the OASIS Key Management Interoperability Protocol (KMIP) Technical Committee (below). In accordance with the OASIS TC Process Policy section 2.2 "TC Formation" (http://www.oasis-open.org/committees/process-2008-06-19.php#formation), the proposed charter is hereby submitted for comment. The comment period shall remain open until 11:45 pm EST on 26-February-2009.
OASIS maintains a mailing list for the purpose of submitting comments on proposed TC charters. Any OASIS member may post to this list by sending email to: email@example.com. All such email messages will be publicly archived at http://lists.oasis-open.org/archives/oasis-charter-discuss/. Members who wish to receive list email messages must join the group by selecting "Join Group" on the OASIS Charter Submission Discuss group home page: http://www.oasis-open.org/apps/org/workgroup/oasis-charter-discuss/. Employees of organizational members do not require primary representative approval to subscribe to the 'oasis-charter-discuss' mailing list.
A telephone conference will be held among the Convenor, the OASIS TC Administrator, and those proposers who wish to attend, within four days of the close of the comment period. The announcement and call-in information will be noted on the OASIS Charter Discuss Group Calendar.
We encourage member comment and ask that you note the name of the proposed TC ('[KMIP]') in the subject line of any email messages posted to the 'oasis-charter-discuss' mailing list.
Mary P McRae
Director, Technical Committee Administration
OASIS: Advancing open standards for the information society
email: firstname.lastname@example.org
web: www.oasis-open.org
phone: 1.603.232.9090
Proposed Charter for OASIS Key Management Interoperability Protocol (KMIP) Technical Committee
The name of the TC:
Key Management Interoperability Protocol (KMIP) Technical Committee
The KMIP Technical Committee will develop specification(s) for the interoperability of key management services with key management clients. The specifications will address anticipated customer requirements for key lifecycle management (generation, refresh, distribution, tracking of use, life-cycle policies including states, archive, and destruction), key sharing, and long-term availability of cryptographic objects of all types (public/private keys and certificates, symmetric keys, and other forms of "shared secrets") and related areas.
The initial goal is to define an interoperable protocol for standard communication between key management servers and the clients and other actors that use these keys. Secure key management for TPMs [Trusted Platform Modules] and storage devices will be addressed. The scope of the keys addressed is enterprise-wide, including a wide range of actors: that is, machine, software, or human participants exercising the protocol within the framework. Actors for KMIP may include:
- Storage Devices
- Networking Devices
- Personal devices with embedded storage (e.g., Personal Computers, Handheld Computers, Cell Phones)
- Operating Systems
- Input/Output Subsystems
- Management Frameworks
- Key Management Systems
Out of scope areas include:
- Implementation specific internals of prototypes and products
- Multi-vendor Key Management facility mirrors or clusters
- Definition of an architectural design for a central enterprise key management or certificate management system other than any necessary models, interfaces and protocols strictly required to support interoperability between Actors in the multi-vendor certificate and key management framework
- Framework interfaces not dedicated to secure key and certificate management
- Certain areas of functionality related to key management are also outside the scope of this technical committee, in particular registration of clients, server-to-server communication and key migration
- Bindings other than tag-length-value wire protocol and XSD-based encodings
The deliverables for the KMIP Technical Committee are anticipated to include the following:
Revised KMIP Specification v0.98. This provides the normative expression of the protocol, including objects, attributes, operations and other elements. A Committee Specification is scheduled for completion within twelve (12) months of the first TC meeting.
Revised KMIP Usage Guide v0.98. This provides illustrative and explanatory information on implementing the protocol, including authentication profiles, implementation recommendations, conformance guidelines and security considerations. A Committee Specification is scheduled for completion within twelve (12) months of the first TC meeting.
Revised KMIP Use Cases and Test Cases v0.98. This provides sample use cases for KMIP, test cases for implementing those use cases, and examples of the protocol implementing those test cases. A Committee Specification is scheduled for completion within twelve (12) months of the first TC meeting.
Revised KMIP Frequently Asked Questions. This document provides guidance on what KMIP is, the problems it is intended to address and other frequently asked questions.
KMIP, as defined in the above deliverables, will be scoped to include the following:
1) Comprehensive Key and Certificate Lifecycle Management Framework
- Provisioning of Keys and Certificates
- Logging (Usage tracking)
- Management of trust mechanisms between EKCLM [Enterprise Key and Certificate Lifecycle Management] actors only as necessary to support EKCLM
- Expectation of Policy Enforcement
  - At endpoints
  - At Key Manager
  - At intermediaries between endpoints and Key Manager facility
- Pre-provisioning and late binding of keys and certificates
- Support for hierarchical or delegation or direct models
- Actor discovery and enrollment as necessary to support EKCLM
- Key, certificate and policy migration
- Audit and logging facilities
- Secure and Robust Mechanisms, Techniques, Protocols and Algorithms
- Recovery capabilities, only as needed by interoperable interfaces, anticipating power failure, or other common failures of automated Actors
- Forward compatibility considerations
- Interface to Identity Management facilities as necessary for A) and B)
- Interface to Enterprise Directory facilities as necessary for A) and B)
2) KMIP TC will also support activities to encourage adoption of KMIP. This would likely include:
- Interoperability sessions to test effectiveness of the specification
- Reference implementations of KMIP functionality
IPR Mode under which the TC will operate:
The KMIP TC is anticipated to operate under RF on RAND IPR Mode.
Anticipated audience or users. KMIP is intended for the following audiences:
- Architects, designers, and implementers of providers and consumers of enterprise key management services.
Work group business and proceedings will be conducted in English.
Identification of similar or applicable work. Similar work is currently underway in several other organizations:
OASIS EKMI TC. We see KMIP TC as addressing a broader scope than the primarily symmetric key focused EKMI, providing a more comprehensive protocol in which SKSML can potentially participate.
IEEE P1619.3. We see KMIP TC as addressing a broader scope than the primarily storage-related P1619.3.
TCG Infrastructure Working Group. We see KMIP TC as addressing a broader scope than the primarily TPM-related TCG IWG.
IETF Keyprov. We see KMIP TC as addressing a broader scope than the primarily mobile-related IETF Keyprov.
Date, time, and location of the first meeting:
The intended date for the first meeting is April 24th 2009, to be held as a Face-to-Face meeting in San Francisco, California, in conjunction with the RSA Conference [URI]. Exact location and logistics TBD.
Projected ongoing meeting: Conference calls will be held weekly, to be sponsored by one or more of the companies proposing the KMIP TC. These conference calls will be complemented by the following:
- Face to face meetings as determined by the KMIP TC
- General communication will be via email reflectors with archiving provided by the KMIP TC
- KMIP TC progress will be communicated via a KMIP TC web page
- The KMIP TC will communicate (conference calls, joint working sessions, etc.) with external groups as appropriate
- The KMIP TC will communicate (conference calls, joint working sessions etc.) with internal OASIS groups (other TCs) as appropriate
Names, electronic mail addresses, and membership affiliations of at least Minimum Membership.
- Bob Griffin, EMC/RSA, Robert.email@example.com
- Robert Philpott, EMC/RSA, Robert.firstname.lastname@example.org
- Mark Schiller, HP, email@example.com
- Jishnu Mukerji, HP, firstname.lastname@example.org
- Anthony Nadalin, IBM, email@example.com
- Robert Haas, IBM, firstname.lastname@example.org
- Walt Hubis, LSI, email@example.com
- Jon Geater, Thales, firstname.lastname@example.org
- Marcus Streets, Thales, email@example.com
- Martin Skagen, Brocade, firstname.lastname@example.org
- Karla Thomas, Brocade, email@example.com
- Subhash Sankuratripati, NetApp, Subhash@netapp.com
- Paolo Bezoari, NetApp, Bezoari@netapp.com
- Dave B Anderson, Seagate, firstname.lastname@example.org
The name of the Convenor who must be an Eligible Person.
Robert Griffin (EMC)
The name of the OASIS Member Section with which the TC intends to affiliate, if any.
List of contributions of existing technical work that the proposers anticipate will be made to this TC:
- KMIP Specification v0.98
- KMIP Usage Guide v0.98
- KMIP Use Cases and Test Cases v0.98
- KMIP Frequently Asked Questions (FAQ) Document
Proposed working title and acronym for the specification(s) to be developed by the TC:
- KMIP Specification
- KMIP Usage Guide
- KMIP Use Cases and Test Cases
- KMIP FAQ
Convenor Call for the Proposed KMIP TC. A TC convenor call is scheduled for Monday, March 02, 2009 at 12 noon EST. The only required participants are the OASIS TC Administrator (Mary McRae) and the TC Convenor (Robert Griffin from EMC), although all co-proposers are invited and welcome to attend, along with other OASIS Members as observers. Per the TC Process, this is: "a conference call, among the Convenor, the OASIS TC Administrator, and those proposers who wish to attend. Other OASIS Members who wish to attend may observe." The purpose of this call is to discuss any comments received and any resulting changes to the proposed Charter and review the remainder of the schedule leading up to the first TC meeting, as well as review recruiting and marketing plans for the new TC. Typically several members of OASIS Staff will be on the call... Agenda: welcome, identification of participants, review of any comments received, staff comments, review of any action items, recruiting, marketing, and review of remaining schedule...
Discussion about the proposed KMIP TC Charter:
Prepared by Robin Cover for The XML Cover Pages archive. See also:
- The Cover Pages news story 2009-02-27: "OASIS Members Form Key Management Interoperability Protocol (KMIP) Technical Committee"
- Additional information in the "Cryptographic Key Management" Topic Document OASIS Key Management Interoperability Protocol (KMIP) Technical Committee
- KMIP TC Charter and Call for Participation
- The announcement from the KMIP specification authors: "Leading Organizations Unveil New Interoperability Specification for Encryption Key Management to Aid IT Security, Compliance and Data Recovery"