XML Key Management Requirements W3C XML Key Management Working Group Meeting – Dec 9 th, 2001 Frederick Hirsch (Zolera Systems) Mike Just (Entrust)

Slides:



Advertisements
Similar presentations
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Advertisements

OGSA Security Profile 2.0 (a.k.a. Express Authentication Profile) DUANE MERRILL October 18, 2007.
XKMS Specifications Phillip Hallam-Baker. Changes Since 1.1 Cosmetic Significant.
XML Key Management Services - Tutorial 9 December 01 Blair Dillaway Software Architect Microsoft Corp.
April 23, XKMS Requirements Update Frederick Hirsch, Mike Just April 23, 2002 Goals Requirements Summary –General, Security Last Call Issues –For.
OASIS OData Technical Committee. AGENDA Introduction OASIS OData Technical Committee OData Overview Work of the Technical Committee Q&A.
Overview of Web Services
Tuesday, June 10, 2003 Web Services Brief Overview & Security Assertion Coordinator Pattern by Mohammad Abushadi & Riaz Ahmed for Security Group CSE -
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
CT-KIP Magnus Nyström, RSA Security 23 May Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.
Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
Web Service Security CS409 Application Services Even Semester 2007.
XML Encryption Prabath Siriwardena Director, Security Architecture.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
Lecture 23 Internet Authentication Applications
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,
Peoplesoft: Building and Consuming Web Services
Trusted Archive Protocol (TAP) Carl Wallace
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
Web services security I
TLS 1.2 and NIST SP A Tim Polk November 10, 2006.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
DICOM Security Lawrence Tarbox, Ph.D. Chair, WG 14 Mallinckrodt Institute of Radiology Washington University in St. Louis School of Medicine.
WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.
Web Services Security Standards Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.
Dr. Bhavani Thuraisingham October 2006 Trustworthy Semantic Webs Lecture #16: Web Services and Security.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
XMPP Concrete Implementation Updates: 1. Why XMPP 2 »XMPP protocol provides capabilities that allows realization of the NHIN Direct. Simple – Built on.
CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.
17 March 2008 © 2008 The University of Edinburgh, European Microsoft Innovation Center and University of Southampton IT Innovation Centre 1 NextGRID Security.
Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.
June 6, CRISP Overview and Update Andrew Newton VeriSign Labs
WS-Trust “From each,according to his ability;to each, according to his need. “ Karl marx Ahmet Emre Naza Selçuk Durna
W3C Web Services Architecture Security Discussion Kick-Off Abbie Barbir, Ph.D. Nortel Networks.
 A Web service is a method of communication between two electronic devices over World Wide Web.
Security in ebXML Messaging CPP/CPA Elements. Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not.
1 Possible Principles and Requirements Frederick Hirsch, Nokia 12 July 2008.
Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012.
Security Patterns for Web Services 02/03/05 Nelly A. Delessy.
Task Force CoRD Meeting / XML Security for Statistical Data Exchange Gregory Farmakis Agilis SA.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
BEA position on W3C ‘Web Services’ Standards Jags Ramnarayan 11th April 2001.
Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC.
Web Services Security Mike Shaw Architectural Engineer.
Presented by: Sonali Pagade Nibha Dhagat paper1.pdf.
ESRIN, 15 December 2009 Slide 1 Web Service Security in HMA-T HMA-T Final Presentation 14 December 2009 S. Gianfranceschi, Intecs.
Access Policy - Federation March 23, 2016
Goals of soBGP Verify the origin of advertisements
S/MIME T ANANDHAN.
Security in ebXML Messaging
NAAS 2.0 Features and Enhancements
The Secure Sockets Layer (SSL) Protocol
CPPA3 Overview.
Presentation transcript:

XML Key Management Requirements W3C XML Key Management Working Group Meeting – Dec 9 th, 2001 Frederick Hirsch (Zolera Systems) Mike Just (Entrust)

December 9, 2001W3C XML Key Management WG2 Agenda Goals and Status Draft overview Resolved issues Open issues Next steps

December 9, 2001W3C XML Key Management WG3 Goals Produce W3C Working Draft that captures XML key management requirements 1 st work group deliverable in charter Last Call, January 2001 Expose issues early, achieve consensus Principles, scope and requirements Ensure coordination with other groups

December 9, 2001W3C XML Key Management WG4 Status 1st draft posted Nov 8 th Source of requirements: XML Key Mgmt Activity Proposal & Charter July Workshop Position Papers & Presentations XKMS version 1.1 (draft 4) XML Trust Center and mailing lists 2nd (and latest) draft posted Nov 23rd Incorporates feedback from list and teleconference No further feedback on list

December 9, 2001W3C XML Key Management WG5 Draft Overview: Principles Provide Universality and Usability Support simple clients Be transport protocol agnostic but define SOAP/XMLP bindings Be PKI-technology agnostic but ensure compatibility with recognized technologies Be XML-based Provide extensible messaging Clearly define client and server behaviour

December 9, 2001W3C XML Key Management WG6 Draft Overview:Principles… Be Secure Define transaction confidentiality and integrity options Address trust issues Design against known attacks (e.g. replay, substitution) Define key management requirements Define key information service requirements

December 9, 2001W3C XML Key Management WG7 Draft Overview: Out of Scope Non-repudiation Expressing PKI structures in XML Authentication & Authorization assertions Defining Web Services protocol security Anonymous access and service Inter-domain trust, cross-certification Knowledge representation Trusted time issues Design of cryptographic algorithms

December 9, 2001W3C XML Key Management WG8 Draft Overview: Services Key Registration Service A service for managing public key assertions Single and bulk key registration Revocation, recovery, re-issuance Key Information Service A service for obtaining information about public key assertions KeyInfo Retrieval - Tier 0 processing) KeyInfo Resolution (Tier 1 - Locate processing) KeyInfo Verification (Tier 2 - Validate processing)

December 9, 2001W3C XML Key Management WG9 Draft Overview: Requirements - Registration Service Support public key registration, revocation, and re-issuance Support private key retrieval from server Roaming applications Key recovery Define private key POP mechanism for both signing and encryption keys Define mechanism for out-of-band client authentication (e.g. with key derived from shared passphrase)

December 9, 2001W3C XML Key Management WG10 Draft Overview: Requirements – Bulk Registration Service Support asynchronous registration Support registration of multiple keys in a single request Support query of pending request status Support template-mode requests with server generated keys

December 9, 2001W3C XML Key Management WG11 Draft Overview: Requirements - Information Service Support for public key location given a element Support for public key validation including The binding of values to the key, The status of the public key. Support for responses with variable validity period

December 9, 2001W3C XML Key Management WG12 Draft Overview: Requirements - Server Interaction HTTP Binding URL specifies service and policy Messaging Web based, incl namespace and XML schema XML DigSig for signed requests/responses XML Encryption for private key protection Consistent Request/Response formats Support nonce, deferred authentication, opaque data Transport Bindings Transport agnostic (SOAP binding must be defined)

December 9, 2001W3C XML Key Management WG13 Resolved Issues Trust model/policy URL conveys policy No service negotiation, to enable simple client Security options to be highlighted, but mandatory choices deferred to protocol specs Privacy Server may use standard P3P techniques to define and communicate registration privacy policy

December 9, 2001W3C XML Key Management WG14 Resolved Issues… Request/Response security TransactionId as nonce URL returned in response context XML Signature of XKMS response supported in XKMS messaging No dependency on WS-Security

December 9, 2001W3C XML Key Management WG15 Open Issues Pending status (asynchronous registration) Optional items Consistency with SAML messages versus changes from v1.1 Trust model/policy Support for multiple PKI roots Requestor role passed to server? Is URI fine? Limits to SOAP linkage (Faults/integrity)

December 9, 2001W3C XML Key Management WG16 Open Issues… Request/Response security How to support deferred authentication Request digest returned in response? Digest of ? Roaming Should it be mentioned in this version? If so, how is it specified in XKMS? Other open issues?

December 9, 2001W3C XML Key Management WG17 Next steps Validate requirements with recent XKMS activities Coordinate with external activities Review Requirements draft Last Call for Requirements

December 9, 2001W3C XML Key Management WG18 Next Steps: Validate with recent XKMS activities Review XKMS 2.0 draft Review Bulk Registration draft Examine experience with XKMS test implementations

December 9, 2001W3C XML Key Management WG19 Next Steps: External Activity Coordination W3C XML Protocol (including SOAP) W3C Signature and Encryption Oasis Trust Center, especially SAML W3C Internationalization Interest Group W3C Architecture board W3C XML Core workgroup

December 9, 2001W3C XML Key Management WG20 Next Steps: Requirements Review requirements Do they meet your key management needs? Are they aligned with other activities? Are there any gaps? Are they consistent with XKMS experience? Are they consistent with XKMS and Bulk Registration drafts? Send comments to the editors and mailing list by Jan 11th Last Call draft completed by Jan 25, 2002

December 9, 2001W3C XML Key Management WG21 XML Key Management Requirements Info XML Key Management WG Latest Requirements draft Mail list instructions XKMS list archive (temporary mail list) Editor contact