Public Key Crypto in an XML Framework

The World Wide Web Consortium recently approved XML Key Management System 2.0, adding public key management to the W3C XML Security Framework.

XKMS offers an open, standard-based interface to key management services that are already widely used in distributed enterprise security applications. XKMS 2.0 makes it possible to implement public key infrastructure in Web applications, including Web services. Standards-based key management allows for identification across applications and systems, such as Web services applications operating across different trust boundaries.

Common PKI activities, such as public key certificate management, location, parsing and validation, are difficult to integrate into existing applications because they add overhead and must be hard-coded for any given PKI. XKMS 2.0 speeds up PKI deployment by delegating these operations to a server using low-overhead protocols. The recommendation is open, so it can be used with any public certificate format, chosen by developers to meet application requirements.

XKMS 2.0 systems were designed to help users create enterprise-level applications faster. The public key certificate format, revocation checking and other details are handled at the server and remain transparent to the applications. As a result, third parties can provide interoperable PKI operations, and companies can install their own XKMS 2.0 servers for intranet applications. Enterprises running XKMS 2.0 servers can handle key exchange and management at the server level, creating a single point of coordination rather than forcing clients to be aware of each other across the enterprise.
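To show what this delegation looks like from the application side, here is an added example (not from the article, the W3C specification text, or any XKMS product): a small Python client helper that builds an XKMS 2.0 ValidateRequest and applies the checks a relying application should make before trusting a ValidateResult. The service URL, the key name "alice" and the sample reply are constructed placeholders.

```python
import uuid
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"   # XKMS 2.0 namespace
DS = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace
ET.register_namespace("", XKMS)
ET.register_namespace("ds", DS)

def build_validate_request(service_url, key_name, usage="Signature"):
    """Build a ValidateRequest asking whether KEY_NAME is valid for USAGE;
    returns (request_id, xml_bytes). The Id later binds the reply to us."""
    req_id = "I" + uuid.uuid4().hex
    req = ET.Element(f"{{{XKMS}}}ValidateRequest", Id=req_id, Service=service_url)
    ET.SubElement(req, f"{{{XKMS}}}RespondWith").text = XKMS + "X509Cert"
    qkb = ET.SubElement(req, f"{{{XKMS}}}QueryKeyBinding")
    ki = ET.SubElement(qkb, f"{{{DS}}}KeyInfo")
    ET.SubElement(ki, f"{{{DS}}}KeyName").text = key_name
    ET.SubElement(qkb, f"{{{XKMS}}}KeyUsage").text = XKMS + usage
    return req_id, ET.tostring(req)

def key_is_valid(result_xml, expected_request_id, usage="Signature"):
    """Accept a ValidateResult only if it answers OUR request, reports Success
    and has a KeyBinding with Status Valid for the usage asked about. Verifying
    the ds:Signature on the result is assumed to have happened before this."""
    root = ET.fromstring(result_xml)  # use defusedxml for untrusted input
    if root.tag != f"{{{XKMS}}}ValidateResult":
        return False
    if root.get("RequestId") != expected_request_id:  # stale or replayed reply
        return False
    if root.get("ResultMajor") != XKMS + "Success":   # e.g. Sender, Receiver
        return False
    for kb in root.findall(f"{{{XKMS}}}KeyBinding"):
        status = kb.find(f"{{{XKMS}}}Status")
        usages = [u.text for u in kb.findall(f"{{{XKMS}}}KeyUsage")]
        if (status is not None and status.get("StatusValue") == XKMS + "Valid"
                and XKMS + usage in usages):
            return True
    return False  # Invalid, Indeterminate, or no binding for this usage

# Constructed sample reply, not captured from any real XKMS service.
SAMPLE_RESULT = f"""<ValidateResult xmlns="{XKMS}" xmlns:ds="{DS}" Id="Ires1"
  Service="https://xkms.example/" RequestId="Ireq1" ResultMajor="{XKMS}Success">
  <KeyBinding Id="Ikb1">
    <ds:KeyInfo><ds:KeyName>alice</ds:KeyName></ds:KeyInfo>
    <KeyUsage>{XKMS}Signature</KeyUsage>
    <Status StatusValue="{XKMS}Valid"><ValidReason>{XKMS}IssuerTrust</ValidReason></Status>
  </KeyBinding>
</ValidateResult>"""
```

The request/reply binding via RequestId and the usage check are what keep a client from accepting a cached or unrelated answer; transport and signature verification are handled outside this snippet.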

XKMS 2.0 was created by the W3C XML Key Management Working Group, which includes Microsoft, Nokia, Oracle, Sun Microsystems, VeriSign, DataPower and webMethods.

About the Author

Kathleen Ohlson is senior editor at Application Development Trends magazine.