Monday, August 10, 2009

Key Management



Keeping public and private keys, digital signatures, and digital certificates organized and secure is one of the biggest challenges in deploying all these new encryption, digital signature, and authentication technologies. Hence the need for a methodology for managing these security components. In this progression, the XML Key Management Specification (XKMS) is an emerging effort under the backing of the W3C. The goal of XKMS is to provide standardized XML-based transaction definitions for the management of authentication, encryption, and digital signature services. The previous section discussed the XML Encryption and XML Digital Signature specifications. However, these specifications assume that the web service responsible for processing the XML exists in an environment where keys and certificates are kept safe and secure.

The assumption here is that the web service programmer is aware of which certificates and keys to use. XKMS will provide a set of XML definitions that allow developers to contact a third party, which helps in locating and providing the appropriate keys and certificates.

The benefit of allowing a third party to do this confidential job is that it frees the web service programmer from having to track the availability of keys or certificates and ensure their validity.

XML AND WEB SERVICES NOTES

In other words, XKMS will provide a standardized set of XML definitions to do the following:

• Allow developers to contact and use remote trusted third-party services
• The trusted third-party services will provide the following services:
  ◦ encryption and decryption services
  ◦ creation of keys
  ◦ management of keys
  ◦ authentication of keys and digital signatures

The specification defines a set of tags that are used to query external key management and signature validation services. For example, to check the authenticity of a certificate, a client might ask a remote service to answer questions such as, “Is it a valid certificate?” or, “Provide the value of the key managed by you.” Thus XKMS provides the facility to manage keys.
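As an added illustration (not part of the original notes), the following Python example shows the “Is it a valid certificate?” query using the `ValidateRequest` and `ValidateResult` elements of the XKMS 2.0 schema, and accepts the key only when the service reports success and a `Valid` status. The service URL, the certificate placeholder and the sample response are constructed, and authenticating the response itself (message signature or TLS) is assumed to happen elsewhere.

```python
import uuid
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"   # XKMS 2.0 namespace
DS = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace

def build_validate_request(service_url, cert_b64):
    """Build a ValidateRequest asking whether a certificate is valid for signing."""
    req = ET.Element(f"{{{XKMS}}}ValidateRequest",
                     {"Id": "I" + uuid.uuid4().hex, "Service": service_url})
    ET.SubElement(req, f"{{{XKMS}}}RespondWith").text = XKMS + "X509Cert"
    qkb = ET.SubElement(req, f"{{{XKMS}}}QueryKeyBinding")
    x509 = ET.SubElement(ET.SubElement(qkb, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = cert_b64
    ET.SubElement(qkb, f"{{{XKMS}}}KeyUsage").text = XKMS + "Signature"
    return req

def key_is_valid(request, result_xml):
    """Fail closed: True only for a matching, successful result with Valid status."""
    try:
        # For untrusted input, a hardened parser such as defusedxml is preferable.
        res = ET.fromstring(result_xml)
    except ET.ParseError:
        return False
    if res.tag != f"{{{XKMS}}}ValidateResult":
        return False
    # The result must answer this request, not a replayed or unrelated one.
    if res.get("RequestId") != request.get("Id"):
        return False
    if res.get("ResultMajor") != XKMS + "Success":
        return False
    # Every returned key binding must be Valid; Invalid and Indeterminate are rejected.
    statuses = [s.get("StatusValue") for s in res.iter(f"{{{XKMS}}}Status")]
    return bool(statuses) and all(v == XKMS + "Valid" for v in statuses)

def sample_result(request_id, status):
    """Constructed sample response standing in for the remote service's reply."""
    return (f'<ValidateResult xmlns="{XKMS}" Id="R1" '
            f'Service="https://xkms.example/validate" '
            f'RequestId="{request_id}" ResultMajor="{XKMS}Success">'
            f'<KeyBinding Id="K1"><Status StatusValue="{XKMS}{status}"/></KeyBinding>'
            f'</ValidateResult>')
```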

XKMS was submitted to the W3C by Microsoft, VeriSign and webMethods and is backed by a range of companies such as HP, IBM, Lenovo, etc. XKMS is one of the three W3C specifications that define the XML security architecture.
