XML Key Management Specification (XKMS) uses the web services framework to make it easier for developers to secure inter-application communication using public key infrastructure (PKI). XKMS is a protocol developed by the W3C that describes the distribution and registration of public keys. Services can access an XKMS-compliant server in order to receive updated key information for encryption and authentication.

Architecture

XKMS consists of two parts:

X-KISS: XML Key Information Service Specification
X-KRSS: XML Key Registration Service Specification

The X-KRSS defines the protocols needed to register public key information. X-KRSS can also generate the key material itself, which makes key recovery easier than when the key is created manually.

The X-KISS outlines the syntax that applications should use to delegate some or all of the tasks needed to process the key information element of an XML signature to a trust service.

In both cases the goal of XKMS is to allow all the complexity of traditional PKI implementations to be offloaded from the client to an external service. While this approach was originally suggested by Diffie and Hellman in their New Directions paper, it was generally considered impractical at the time, so commercial development focused instead on the certificate-based approach proposed by Loren Kohnfelder.
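The X-KISS delegation described above, shown as an added example (not code from the article or from any XKMS implementation): a client builds a ValidateRequest for a ds:KeyName and then judges the trust service's ValidateResult before relying on the key. Element names, namespaces and status/reason URIs follow XKMS 2.0; the service URL, request ids, key name and the sample reply are constructed values.

```python
import xml.etree.ElementTree as ET
# Namespaces and URIs as defined by XKMS 2.0 and XML Signature (XML-DSig).
XKMS = "http://www.w3.org/2002/03/xkms#"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("xkms", XKMS); ET.register_namespace("ds", DS)
# Reasons a relying party insists on before using a key to verify signatures.
REQUIRED_REASONS = {XKMS + r for r in ("IssuerTrust", "RevocationStatus", "ValidityInterval", "Signature")}

def build_validate_request(req_id, service, key_name):
    """Client side: hand processing of a ds:KeyName over to the trust service."""
    req = ET.Element(f"{{{XKMS}}}ValidateRequest", Id=req_id, Service=service)
    ET.SubElement(req, f"{{{XKMS}}}RespondWith").text = XKMS + "KeyValue"
    qkb = ET.SubElement(req, f"{{{XKMS}}}QueryKeyBinding")
    key_info = ET.SubElement(qkb, f"{{{DS}}}KeyInfo")
    ET.SubElement(key_info, f"{{{DS}}}KeyName").text = key_name
    ET.SubElement(qkb, f"{{{XKMS}}}KeyUsage").text = XKMS + "Signature"
    return ET.tostring(req, encoding="unicode")

def evaluate_validate_result(xml_text, expected_request_id):
    """Relying party: accept only a Success reply to our request whose KeyBinding is Valid for every required reason."""
    res = ET.fromstring(xml_text)
    if res.tag != f"{{{XKMS}}}ValidateResult":
        return "reject: not a ValidateResult"
    if res.get("RequestId") != expected_request_id:
        return "reject: RequestId does not match our request"
    if res.get("ResultMajor") != XKMS + "Success":
        return f"reject: ResultMajor {res.get('ResultMajor')}"
    for kb in res.findall(f"{{{XKMS}}}KeyBinding"):
        status = kb.find(f"{{{XKMS}}}Status")
        if status is None or status.get("StatusValue") != XKMS + "Valid":
            continue  # Invalid or Indeterminate bindings are never accepted
        asserted = {r.text for r in status.findall(f"{{{XKMS}}}ValidReason")}
        missing = sorted(m.rsplit("#", 1)[1] for m in REQUIRED_REASONS - asserted)
        if missing:  # Valid, but the service did not vouch for everything we need
            return "reject: Valid but unasserted " + ", ".join(missing)
        return "accept: " + kb.get("Id", "")
    return "reject: no Valid KeyBinding"

# Constructed sample reply (URL, ids, key name made up): marked Valid, but RevocationStatus is never asserted.
SAMPLE_RESULT = f"""<xkms:ValidateResult xmlns:xkms="{XKMS}" xmlns:ds="{DS}" Id="r-0001"
  Service="https://trust.example/xkms" RequestId="q-0001" ResultMajor="{XKMS}Success">
 <xkms:KeyBinding Id="kb-1">
  <ds:KeyInfo><ds:KeyName>alice@example.org</ds:KeyName></ds:KeyInfo>
  <xkms:Status StatusValue="{XKMS}Valid">
   <xkms:ValidReason>{XKMS}IssuerTrust</xkms:ValidReason>
   <xkms:ValidReason>{XKMS}ValidityInterval</xkms:ValidReason>
   <xkms:ValidReason>{XKMS}Signature</xkms:ValidReason>
  </xkms:Status>
 </xkms:KeyBinding>
</xkms:ValidateResult>"""
```

Run `evaluate_validate_result(SAMPLE_RESULT, "q-0001")` to see the binding rejected even though the service called it Valid; only once RevocationStatus is also asserted does the client accept it.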

Development history

The team that developed the original XKMS proposal submitted to the W3C included Warwick Ford, Phillip Hallam-Baker (editor) and Brian LaMacchia. The architectural approach is closely related to the MIT PGP Key server originally created and maintained by Brian LaMacchia. The realization in XML is closely related to SAML, the first edition of which was also edited by Hallam-Baker.

At the time XKMS was proposed no security infrastructure was defined for the then entirely new SOAP protocol for Web Services. As a result, a large part of the XKMS specification is concerned with the definition of security 'bindings' for specific Web Services protocols.