|
Table of Contents
Announcements
February 4, 2009 - OASIS MSKSML sub-committee created.
The EKMI TC creates a Mobile SKSML sub-committee to define a mobile-profile of SKSML for low-power, low-bandwidth devices (such as mobile phones).
MSKSML SC Home Page
January 17, 2009 - SKSML approved as Committee Specification
The EKMI Technical Committee voted the Symmetric Key Services Markup Language as a Committee Specification.
Specification Document
November 18, 2008 - DRAFT8 of SKSML available
The Symmetric Key Services Markup Language adds support for optionally sending an encryption certificate in the request to the server. DRAFT8 Specification and XSD.
November 5, 2008 - DRAFT7 of SKSML available
The Symmetric Key Services Markup Language has added support for asynchronous request/responses, as well as standard Error Codes in this current draft. DRAFT7 Specification and XSD.
September 23, 2008 - OASIS concludes public review of SKSML
OASIS' Enterprise Key Management Infrastructure Technical Committee concluded the 60-day formal review of the Symmetric Key Services Markup Language today.
July 23, 2008 - OASIS begins public review of SKSML
OASIS' Enterprise Key Management Infrastructure Technical Committee begins the formal review of the Symmetric Key Services Markup Language today. Details.
June 30, 2008 - Tech Road Map: EKMI
OASIS' open Enterprise Key Management Infrastructure initiative promises less-complex encryption. But will vendors get on board? InformationWeek.
June 24, 2008 - DRAFT 6 of the SKSML 1.0 Specification is available for review. It incorporates feedback received from TC members. The OpenOffice and PDF documents can be found in the document archives.
June 19, 2008 - An update to the SKSML 1.0 Specification (DRAFT 5.1) is available for review. The OpenOffice and PDF documents can be found in the document archives.
June 09, 2008 - A full DRAFT of the SKSML 1.0 Specification (DRAFT 4) is now available for review. The OpenOffice and PDF documents can be found in the document archives.
February 22, 2008 - DRAFT v3 of the SKSML protocol has been approved as a Committee DRAFT by the Enterprise Key Management Infrastructure (EKMI) Technical Committee.
February 05, 2008 - A new DRAFT specification for SKSML (Version 3) is now available for review. Version 3 incorporates the ability to request and receive multiple symmetric keys from an SKS server. The ZIP file containing the XSD and sample instances of the protocol can be found in the document archives.
December 27, 2007 - A new DRAFT specification for SKSML (Version 2) is now available for review. Version 2 incorporates feedback received on the Version 1 protocol specification from many TC members. The ZIP file containing the XSD and sample instances of the protocol can be found in the document archives.
December 15, 2007 - The EKMI TC approves submission of information on SKSML to the IEEE 1619.3 Working Group. The IEEE WG is working on a protocol to manage encryption keys for storage devices and has concurred that it will integrate with SKSML. Details of the ballot are here, while the IEEE document submission can be found here, .
November 01, 2007 - The Singapore chapter of ISACA announces an EKMI Workshop. Details and registration information are available at http://www.isaca.org.sg/isaca/eventdetails.cfm?idno=131.
October 19, 2007 - The San Francisco chapter of ISACA announces the availability of an EKMI Workshop on November 15, 2007. Details and registration information are available at http://www.sfisaca.org/.
October 3, 2007 - The Singapore chapter of ISACA announces the first ever EKMI Workshop. Details and registration information are available at http://www.isaca.org.sg/.
September 21, 2007 - "It might appear that the technology industry just discovered encryption-key management in 2007." So said Greg Goth of the IEEE Distributed Systems Online. Read the full story at Key Management Standards Hit the Fast Track.
June 25, 2007 - "EKMI will be an important step in addressing this problem in an open, cross-vendor manner". So said Trent Henry, a senior analyst at The Burton Group on the efforts of the EKMI TC. Read the full EKMI TC Press Release.
June 21, 2007 - Ken Adler and Mike Nelson are elected Co-Chairs of the EKMI SKMS Audit Guidelines SubCommittee (AGSC). The AGSC has responsibilities for creating guidelines that permit IT Auditors to audit EKMIs effectively, and for educating IT Auditors on EKMI and the Audit Guidelines.
June 18, 2007 - Webinar on Enterprise Key Management Infrastructure (EKMI) scheduled for July 10, 2007. Click here for details and registration.
June 18, 2007 - The SKSML protocol has been approved as a Committee DRAFT by the Enterprise Key Management Infrastructure (EKMI) Technical Committee.
June 18, 2007 - The SKSML Requirements Document has been approved as a Committee DRAFT by the Enterprise Key Management Infrastructure (EKMI) Technical Committee.
June 12, 2007 - An FAQ on the Enterprise Key Management Infrastructure (EKMI) Technical Committee is now available.
May 29, 2007 - Arshad Noor, Chair of the EKMI-TC
will be speaking on "Enterprise Key Management Infrastructures" at
the ISSE/SECURE 2007 Conference in Warsaw, Poland in September 2007.
March 28, 2007 - Arshad Noor, Chair of the EKMI-TC
will be speaking on "Enterprise Key Management Infrastructures:
Understanding them before auditing them" at
the ISACA International 2007 Conference in Singapore in July 2007.
January 16, 2007 - Arshad Noor, Co-Chair of the EKMI-TC
will be speaking on "Enterprise Key Management Infrastructures:
An Evolution Towards Securing Data for eBusiness/eGovernment" at
the OASIS Symposium 2007 in San Diego.
January 16, 2007 - The OASIS Enterprise Key Management
Infrastructure Technical Committee (EKMI-TC) convened on January 16,
2007. The newly formed committee, unanimously, elected Arshad Noor
(StrongAuth, Inc.) and Dr. Hans Van Tilburg (Visa International) as
Co-Chairs of the EKMI-TC. Additionally, it voted to become part of
the OASIS PKI Member Section and created the four following
subcommittees:
- EKMI Symmetric Key Services Markup Language (SKSML)
Subcommittee
- EKMI SKMS Implementation and Operations Guidelines
Subcommittee
- EKMI SKMS Audit Guidelines Subcommittee
- EKMI SKSML Test Suite Subcommittee
Overview
Enterprise Key Management Infrastructure (EKMI) is the term given
to "a collection of technology, policies and procedures for
managing all cryptographic keys - symmetric and asymmetric - in the
enterprise". An EKMI has the following characteristics:
- It allows enterprises to define cryptographic key-management
policy in a single place
- It provides secure protocols for availing key-management
services from servers configured for this purpose
- It is platform and application-independent
- It is scalable to accommodate the needs of an enterprise of
any size
- It is redundant to provide cryptographic services even in the
face of network failures
- It is extremely secure
An EKMI typically consists of a Public Key Infrastructure (PKI) -
to manage the asymmetric keys - and a Symmetric Key Management
System (SKMS) - to manage the symmetric keys. Currently, these two
systems must remain distinct even though an SKMS relies on digital
certificates issued by the PKI for authentication, message integrity
and confidentiality. However, once the current goals of the EKMI-TC
are realized (see below), the TC anticipates focusing on what is
necessary to evolve the PKI and SKMS to a single EKMI in the future.
The purpose of the OASIS EKMI-TC are:
- To standardize a protocol - the Symmetric Key
Services Markup Language (SKSML) - for applications and/or
computerized devices to acquire symmetric key management services,
securely, over a network
- To create implementation and Operations Guidelines for how to
build and operate Symmetric Key Management Systems (SKMS)
- To work with other standards-setting bodies on Audit
Guidelines for SKMS and
- To create an interoperability testing suite for the Symmetric
Key Services Markup Language (SKSML) protocol
For more information, see the TC
Charter and FAQ
Subcommittees
Technical Work Produced by the Committee
Symmetric Key Services Markup Language 1.0 (XSD)
SKSML 1.0 Committee Specification (Normative)
Wiki for OASIS EKMI TC member collaboration
Expository Work Produced by the Committee
SKSML Requirements (PDF)
SKSML Use Cases (PDF)
EKMI Policy Guidelines (PDF)
External
Resources
Although not produced by the OASIS TC, the following information
offers useful insights into its work.
IDtrust XML.org is a community-driven site hosted by OASIS that provides reliable background information on the standard. The site also serves as a community bulletin board and directory where readers post news, ideas, opinions, and recommendations. It incorporates wiki functionality to let users edit and add new pages to the site. The public is encouraged to contribute content.
A presentation on EKMI given by Arshad Noor, Co-Chair of the EKMI-TC, at the OASIS Adoption Forum in London, on November 28, 2006 - http://www.oasis-open.org/events/adoptionforum2006/slides/noor.pdf
An open-source implementation of a Symmetric Key Management System that implements the proposed SKSML protocol - www.strongkey.org
Mailing
Lists and Comments
ekmi@lists.oasis-open.org
ekmi-sksml@lists.oasis-open.org
ekmi-implementation@lists.oasis-open.org
ekmi-audit@lists.oasis-open.org
ekmi-testsuite@lists.oasis-open.org
Additional Information
WIP.
Content for this OASIS TC web page is provided by [name] of [organization (if OASIS organizational member)] on behalf of the TC. For technical assistance, contact webmaster@oasis-open.org.
|
