Published by Bernard Stone. Modified over 8 years ago.
1 The OASIS KMIP Standard: Interoperability for the Cryptographic Ecosystem
Jon Geater, OASIS KMIP TC
With thanks to Bob Griffin, co-chair, OASIS KMIP TC
www.oasis-open.org
2 KMIP Overview
3 Enterprise Cryptographic Environments
[Diagram: disk arrays; backup disk, backup tape and backup system; collaboration and content management systems; file server; portals; production database with replica and staging copies; enterprise applications; email; eCommerce applications; business analytics; dev/test obfuscation; WAN, LAN and VPN; CRM. Each environment is wired to its own key management system.]
Often, each cryptographic environment has its own key management system.
4 Enterprise Cryptographic Environments
[Diagram: the same set of environments (disk arrays, backup disk/tape/system, collaboration and content management systems, file server, portals, production database with replica and staging, enterprise applications, email, eCommerce applications, business analytics, dev/test obfuscation, WAN/LAN/VPN, CRM), each talking to its key management system over a different protocol.]
Often, each cryptographic environment has its own protocol: disparate, often proprietary protocols.
5 Enterprise Cryptographic Environments
[Diagram: a single enterprise key management system connected to every environment (disk arrays, backup disk/tape/system, collaboration and content management systems, file server, portals, production database with replica and staging, enterprise applications, email, eCommerce applications, business analytics, dev/test obfuscation, WAN/LAN/VPN, CRM) through one Key Management Interoperability Protocol.]
KMIP: a single protocol supporting enterprise cryptographic environments.
6 What is KMIP
The Key Management Interoperability Protocol (KMIP) enables key lifecycle management. KMIP supports legacy and new cryptographically enabled applications, covering symmetric keys, asymmetric keys, digital certificates, and other "shared secrets."
KMIP offers developers templates to simplify the development and use of KMIP-enabled applications.
KMIP defines the protocol for communication between a cryptographic client and a key-management server. Key lifecycle operations supported include generation, submission, retrieval, and deletion of cryptographic objects.
Vendors will deliver KMIP-enabled cryptographic applications that communicate with compatible KMIP key-management servers.
7 What is KMIP
[Diagram: the path of a request from key client to key server]
Key Client: API -> internal representation -> KMIP encode -> transport
                                                                | KMIP
Key Server: API <- internal representation <- KMIP decode <- transport
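The encode/decode boxes in the diagram above, and the client-to-server request described on the previous slide, can be made concrete with a small example. The following is an added illustration written for this page; it is not code from the slides, from OASIS, or from any KMIP product. It implements the KMIP 1.0 TTLV wire encoding (3-byte tag, 1-byte type, 4-byte length, value zero-padded to 8 bytes), builds a Get request for an object by Unique Identifier, and decodes it back. The tag, type and enumeration constants are as I recall them from the KMIP 1.0 specification tables; treat them as assumptions and verify them against docs.oasis-open.org/kmip/spec/v1.0/ before relying on them. The identifier "a1b2c3" is a constructed sample value.

```python
# Added example: a minimal KMIP 1.0 TTLV encoder/decoder. This is my own
# illustration, not code from the slides, OASIS, or any KMIP product.
# Tag, type and enumeration constants are as I recall them from the KMIP 1.0
# spec (docs.oasis-open.org/kmip/spec/v1.0/); verify them before relying on this.
import struct

# TTLV item types (KMIP 1.0 section 9.1.1.2); only those this example needs.
STRUCTURE, INTEGER, ENUMERATION, TEXT_STRING, BYTE_STRING = 0x01, 0x02, 0x05, 0x07, 0x08

# Tags (KMIP 1.0 section 9.1.3.1): assumed values, check against the spec.
TAG = {
    "RequestMessage": 0x420078, "RequestHeader": 0x420077,
    "ProtocolVersion": 0x420069, "ProtocolVersionMajor": 0x42006A,
    "ProtocolVersionMinor": 0x42006B, "BatchCount": 0x42000D,
    "BatchItem": 0x42000F, "Operation": 0x42005C,
    "RequestPayload": 0x420079, "UniqueIdentifier": 0x420094,
}
TAG_NAME = {v: k for k, v in TAG.items()}
OP_GET = 0x0A            # Operation enumeration: Get (assumed value)
MAX_LENGTH = 1 << 20     # refuse absurd length fields before touching the value


def _pad(length):
    """Values are zero-padded to the next multiple of 8 bytes."""
    return (-length) % 8


def encode(tag, itype, value):
    """Encode one TTLV item: 3-byte tag, 1-byte type, 4-byte length, padded value.
    A Structure's value is a list of already-encoded child items."""
    if itype == STRUCTURE:
        body = b"".join(value)
    elif itype == INTEGER:
        body = struct.pack(">i", value)          # 32-bit big-endian, padded to 8
    elif itype == ENUMERATION:
        body = struct.pack(">I", value)
    elif itype == TEXT_STRING:
        body = value.encode("utf-8")
    elif itype == BYTE_STRING:
        body = bytes(value)
    else:
        raise ValueError("unsupported item type %#x" % itype)
    header = struct.pack(">I", tag)[1:] + bytes([itype]) + struct.pack(">I", len(body))
    return header + body + b"\x00" * _pad(len(body))


def decode(buf, offset=0):
    """Decode one item at offset. Returns ((tag name, type, value), next offset).
    The length field is attacker-controlled on the wire, so it is checked
    against the buffer before any slice or recursion happens."""
    if len(buf) - offset < 8:
        raise ValueError("truncated TTLV header")
    tag = int.from_bytes(buf[offset:offset + 3], "big")
    itype = buf[offset + 3]
    length = struct.unpack(">I", buf[offset + 4:offset + 8])[0]
    start, end = offset + 8, offset + 8 + length
    if length > MAX_LENGTH or end + _pad(length) > len(buf):
        raise ValueError("TTLV length %d exceeds buffer" % length)
    body = buf[start:end]
    if itype == STRUCTURE:
        value, pos = [], 0
        while pos < len(body):                   # children are themselves 8-aligned
            item, pos = decode(body, pos)
            value.append(item)
    elif itype == INTEGER:
        if length != 4:
            raise ValueError("Integer must be 4 bytes")
        value = struct.unpack(">i", body)[0]
    elif itype == ENUMERATION:
        if length != 4:
            raise ValueError("Enumeration must be 4 bytes")
        value = struct.unpack(">I", body)[0]
    elif itype == TEXT_STRING:
        value = body.decode("utf-8")
    elif itype == BYTE_STRING:
        value = bytes(body)
    else:
        raise ValueError("unsupported item type %#x" % itype)
    return (TAG_NAME.get(tag, "%#x" % tag), itype, value), end + _pad(length)


def build_get_request(unique_id, major=1, minor=0):
    """Request Message with one Batch Item asking the server for an object by ID."""
    header = encode(TAG["RequestHeader"], STRUCTURE, [
        encode(TAG["ProtocolVersion"], STRUCTURE, [
            encode(TAG["ProtocolVersionMajor"], INTEGER, major),
            encode(TAG["ProtocolVersionMinor"], INTEGER, minor),
        ]),
        encode(TAG["BatchCount"], INTEGER, 1),
    ])
    item = encode(TAG["BatchItem"], STRUCTURE, [
        encode(TAG["Operation"], ENUMERATION, OP_GET),
        encode(TAG["RequestPayload"], STRUCTURE, [
            encode(TAG["UniqueIdentifier"], TEXT_STRING, unique_id),
        ]),
    ])
    return encode(TAG["RequestMessage"], STRUCTURE, [header, item])


if __name__ == "__main__":
    msg = build_get_request("a1b2c3")            # constructed sample identifier
    print(msg.hex())
    print(decode(msg)[0])
```

In a real deployment the bytes produced by build_get_request travel over the TLS session required by the profile's authentication suite, and the server answers with a Response Message carrying a Result Status and, on success, the key material. The decoder deliberately bounds every length field before slicing or recursing, because a server-side TTLV parser that trusts the client's length values is the first thing a fuzzer will find.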
8 KMIP status
- The KMIP Technical Committee was established in OASIS in April 2009
  - Submissions at the time of TC creation included a draft specification, usage guide and use cases
  - Initial membership included most significant vendors in cryptographic solutions and key management, and has continued to grow
- KMIP V1.0 standard approved end-September 2010
  - Revision of initial submissions April-October 2009
  - First public review Nov/Dec 2009
  - Revision of documents Jan-April 2010
  - Second public review May/June 2010
  - Approval of the KMIP V1.0 documents as an OASIS standard September 2010
- Two public interops completed
- KMIP V1.0 conformance is defined in terms of server profiles, such as Symmetric Key Foundry
9 KMIP Profiles
- Purpose: define what any implementation of the specification must adhere to in order to claim conformance to the specification
  - Define the use of KMIP objects, attributes, operations, message elements and authentication methods within specific contexts of KMIP server and client interaction
  - Define a set of normative constraints for employing KMIP within a particular environment or context of use
  - Optionally, require the use of specific KMIP functionality or otherwise define the processing rules to be followed by profile actors
- Three profiles defined in V1.0
  - Secret data
  - Symmetric key store
  - Symmetric key foundry
- Profiles are further qualified by authentication suite
  - TLS V1.0 / V1.1
  - TLS V1.2
  (Editor's note: TLS 1.0 and 1.1 have since been deprecated by RFC 8996; a current deployment should negotiate TLS 1.2 or later, so in practice only the second suite remains acceptable.)
10 KMIP Work Items for vNext
- Next version of the KMIP standard expected Q4 2011
- Additions to the protocol under discussion:
  - permissions and groups
  - client registration
  - expanded server-to-server use cases
  - authentication methods
- Additions to profiles include expanded certificate services and asymmetric key functionality
- Enhanced interoperability testing
11 KMIP V1.0 Documents
- http://xml.coverpages.org/KMIP/KMIP-FAQ.pdf
- http://docs.oasis-open.org/kmip/spec/v1.0/
- http://docs.oasis-open.org/kmip/ug/v1.0/
- http://docs.oasis-open.org/kmip/profiles/v1.0/
- http://docs.oasis-open.org/kmip/usecases/v1.0/
12 Enterprise Cryptographic Environments
[Diagram: one enterprise key management system connected through the Key Management Interoperability Protocol to every environment (disk arrays, backup disk/tape/system, collaboration and content management systems, file server, portals, production database with replica and staging, enterprise applications, email, eCommerce applications, business analytics, dev/test obfuscation, WAN/LAN/VPN, CRM).]
KMIP: Interoperability for the Cryptographic Ecosystem