Securing Web Services using XKMS
The XML Key Management Specification (XKMS) is a recent development in the cryptography domain, in keeping with the nearly ubiquitous move toward XML-based technologies. With everything becoming XML-enabled these days, why is this particular XML technology worth considering? Unlike many XML-enabled technologies, XKMS has the potential to revolutionize Public Key Infrastructure (PKI) by making PKI simpler to deploy, use and manage. In fact, XKMS just might make PKI a viable reality for enterprises, embedded devices and users.
If you have worked with PKI software from various vendors, you will be aware of the difficulties in setting up a solution and in getting different vendors’ software to interoperate properly. Today every vendor sells its own wares in its own way, each supposedly standard. You have the Java security package and APIs, Microsoft CAPI, RSA BSAFE, Xcert Xuda, and so on, and all these vendors provide their own certificate and key management solutions. Then there are the smart card or cryptographic token extensions offered by various vendors.
All of these are PKCS-compatible, and yet incompatible with one another. An oxymoron, surely? But how can one have an “infrastructure” if the pieces of the infrastructure from various vendors have a difficult time working together? Even within a single vendor’s solution, deployment is a big hassle. One needs to educate, and then explain away the “extra” burdensome steps that users and administrators must take to configure, use and manage the solution.




