1 The OASIS KMIP Standard: Interoperability for the Cryptographic Ecosystem www.oasis-open.org Jon Geater OASIS KMIP TC With thanks to Bob Griffin, co-chair,

Slides:



Advertisements
Similar presentations
Proposed Revised Mission of the Conformance Sig Current Mission Statement –The SIG Conformance will provide mechanisms for : 1. Specification of conformance.
Advertisements

Common Identifiers Providing Globally Unique Identifiers for UUID and Application IDs of keys and other objects.
CT-KIP Magnus Nyström, RSA Security 23 May Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.
CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.
Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cybersecurity Issues Impacting Public Sector Financial Management OASIS e-Gov Washington Workshop, April John Sabo Director Global Government Relations.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Access 2007 Product Review. With its improved interface and interactive design capabilities that do not require deep database knowledge, Microsoft Office.
Key Management Interoperability Protocol By: Derrick Erickson.
Architecture & Data Management of XML-Based Digital Video Library System Jacky C.K. Ma Michael R. Lyu.
Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.
EbXML Registry Technical Committee n Defining and managing interoperable registries and repositories n The OASIS ebXML Registry TC develops specifications.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Key Management in Cryptography
LMS/RFID (Dis)integration Why Standards Matter Mick Fortune.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
Introduction to ebXML Mike Rawlins ebXML Requirements Team Project Leader.
Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.
OASIS OASIS Digital Signature Services Juan Carlos Cruellas Juan Carlos Cruellas Andreas Kuehne Stefan Drees Ernst Jan van Nigtevecht.
SNIA/SSIF KMIP Interoperability Proposal. What is the proposal? Host a KMIP interoperability program which includes: – Publishing a set of interoperability.
Digital Signatures and e-Identity. Getting the best out of DSS / DSS-X services. Andreas Kuehne – DSS-X member.
OASIS ebXML Registry Standard Open Forum 2003 on Metadata Registries 10:30 – 11:15 January 20, 2003 Kathryn Breininger The Boeing Company Chair, OASIS.
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
SAML Right Here, Right Now Hal Lockhart September 25, 2012.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Bob: Hello and welcome to this webinar on the OASIS Key Management Interoperability Protocol., or KMIP. My name is Bob Griffin, Chief.
SAML 2.1 Building on Success. Outline n Summary of SAML 2.0 n Work done since 2.0 n Objectives of SAML 2.1 n Proposed Task List n Undecided Issues n Invitation.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.
DSKPP And PSKC: IETF Standard Protocol And Payload For Symmetric Key Provisioning Philip Hoyer Senior Architect – CTO Office.
DSKPP And PSKC: IETF Standard Protocol And Payload For Symmetric Key Provisioning Philip Hoyer Senior Architect – CTO Office.
Overview of the DON XML Vision, Policy, and Governance Bob Green & Stephanie Gernert Office of the Dept. of Navy Chief Information Officer (DON CIO)
KMIP 1.3 Deprecation February 20, Deprecation 5.1 KMIP Deprecation Rule Items in the normative KMIP Specification [KMIP-Spec] document can be marked.
Author - Title- Date - n° 1 Partner Logo EU DataGrid, Work Package 5 The Storage Element.
1 Key Management Interoperability Protocol (KMIP)
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
Health IT Workforce Curriculum Version 1.0 Fall Networking and Health Information Exchange Unit 3b National and International Standards Developing.
ESafe Open Modules Overview Open modules implementing the eSafe document exchange protocol.
1 ECCF Training 2.0 Implemental Perspective (IP) ECCF Training Working Group January 2011.
Digital Signatures, Message Digest and Authentication Week-9.
1 NIST Key State Models SP Part 1SP (Draft)
Objective: Enable portability and semi-automatic management of applications across clouds regardless of provider platform or infrastructure thus expanding.
U NITED N ATIONS C ENTRE F OR T RADE F ACILITATION A ND E LECTRONIC B USINESS Under the auspices of United Nations Economic Commission for Europe UN/CEFACT.
Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.
EbXML Conformance TC Activities August 14th, 2001 FUJITSU LIMITED.
IEEE SISWG P Sub-Committee Status Summary Walt Hubis 4/15/2009.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.
Discussion - HITSC / HITPC Joint Meeting Transport & Security Standards Workgroup October 22, 2014.
KMIP Compliance Redefining Server and Client requirements to claim compliance Presented by: Bob Lockhart.
EbXML Registry and Repository Dept of Computer Engineering Khon Kaen University.
Bob: Hello and welcome to this webinar on the OASIS Key Management Interoperability Protocol., or KMIP. My name is Bob Griffin, Chief.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
OASIS ebXML Registry Standard Open Forum 2003 on Metadata Registries 10:30 – 11:15 January 20, 2003 Kathryn Breininger The Boeing Company Chair, OASIS.
1 Key Management Interoperability Protocol (KMIP)
KMIP Compliance Redefining Server and Client requirements to claim compliance Presented by: Bob Lockhart.
Unit 1: IBM Tivoli Storage Manager 5.1 Overview. 2 Objectives Upon the completion of this unit, you will be able to: Identify the purpose of IBM Tivoli.
1 Key Management Interoperability Protocol (KMIP) Bob Griffin co-chair, KMIP TC
Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President.
CS691 M2009 Semester Project PHILIP HUYNH
KMIP Key Management with Vormetric Data Security Manager
KMIP Key Management with Vormetric Data Security Manager
Enterprise Key Management with OASIS KMIP
Enabling Encryption for Data at Rest
Enabling Encryption for Data at Rest
CS691 M2009 Semester Project PHILIP HUYNH
Organization for the Advancement of Structured Information Standards
Cybersecurity Issues Impacting Public Sector Financial Management OASIS e-Gov Washington Workshop, April John Sabo Director.
Presentation transcript:

1 The OASIS KMIP Standard: Interoperability for the Cryptographic Ecosystem Jon Geater OASIS KMIP TC With thanks to Bob Griffin, co-chair, OASIS KMIP TC

2 KMIP Overview

3 Enterprise Cryptographic Environments Key Management System Disk Arrays Backup Disk Backup Tape Backup System Collaboration & Content Mgmt Systems File Server Portals Production Database ReplicaStaging Enterprise Applications eCommerce Applications Business Analytics Dev/Test Obfuscation WANLANVPN Key Management System CRM Often, Each Cryptographic Environment Has Its Own Key Management System

4 Enterprise Cryptographic Environments Key Management System Disk Arrays Backup Disk Backup Tape Backup System Collaboration & Content Mgmt Systems File Server Portals Production Database ReplicaStaging Enterprise Applications eCommerce Applications Business Analytics Dev/Test Obfuscation WANLANVPN Key Management System CRM Often, Each Cryptographic Environment Has Its Own Protocol Disparate, Often Proprietary Protocols

5 Enterprise Cryptographic Environments Enterprise Key Management Disk Arrays Backup Disk Backup Tape Backup System Collaboration & Content Mgmt Systems File Server Portals Production Database Replica Staging Key Management Interoperability Protocol Enterprise Applications eCommerce Applications Business Analytics Dev/Test Obfuscation WAN LAN VPN CRM KMIP: Single Protocol Supporting Enterprise Cryptographic Environments

6 What is KMIP The Key Management Interoperability Protocol (KMIP) enables key lifecycle management. KMIP supports legacy and new cryptographic-enabled applications, supporting symmetric keys, asymmetric keys, digital certificates, and other "shared secrets." KMIP offers developers templates to simplify the development and use of KMIP-enabled applications. KMIP defines the protocol for cryptographic client and key- management server communication. Key lifecycle operations supported include generation, submission, retrieval, and deletion of cryptographic objects. Vendors will deliver KMIP-enabled cryptographic applications that support communication with compatible KMIP key- management servers.

7 What is KMIP Key Client Key Server API Internal representation Transport Internal representation Transport KMIP Encode KMIP Decode API KMIP

8 KMIP status n KMIP Technical Committee was established in OASIS in April 2009 l Submissions included at the time of TC creation included draft specification, usage guide and use cases l Initial membership included most significant vendors in cryptographic solutions and key management and has continued to grow. n KMIP V1.0 standard approved end-September 2010 l Revision of initial submissions April-October 2009 l First public review Nov/Dec 2009 l Revision of documents Jan-April 2010 l Second public review May/June l Approval of KMIP V1.0 docs as OASIS standard Sept 2010 n 2 public interops completed n KMIP V1.0 conformance defined in terms of server profiles, such as Symmetric Key Foundry

9 KMIP Profiles n Purpose is to define what any implementation of the specification must adhere to in order to claim conformance to the specification l Define the use of KMIP objects, attributes, operations, message elements and authentication methods within specific contexts of KMIP server and client interaction. l Define a set of normative constraints for employing KMIP within a particular environment or context of use. l Optionally, require the use of specific KMIP functionality or in other respects define the processing rules to be followed by profile actors. n Three profiles defined in V1.0 l Secret data l Symmetric key store l Symmetric key foundry n Profiles are further qualified by authentication suite l TLS V1.0 / V1.1 l TLS V1.2

10 KMIP Work Items for vNext l Next version of KMIP standard expected Q l Additions to protocol under discussion n permissions and groups n client registration n expanded server-to-server use cases n Authentication methods l Additions to profiles include expanded certificate services and asymmetric key functionality. l Enhanced interoperability testing

11 KMIP V1.0 Documents l l l l l

12 Enterprise Cryptographic Environments Enterprise Key Management System Disk Arrays Backup Disk Backup Tape Backup System Collaboration & Content Mgmt Systems File Server Portals Production Database ReplicaStaging Key Management Interoperability Protocol Enterprise Applications eCommerce Applications Business Analytics Dev/Test Obfuscation WAN LAN VPN CRM KMIP: Interoperability for the Cryptographic Ecosystem

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.