Boston, MA, USA; 2 March 2011 – The OASIS international open standards consortium has gathered the support of leading vendors and users of Service Oriented Architecture (SOA) repositories to address a critical interoperability issue. The newly formed OASIS SOA Repository Artifact Model and Protocol (S-RAMP) Technical Committee will advance a standard for sharing data across SOA repository products from multiple vendors in both cloud and non-cloud environments. Based on a contribution authored by HP, IBM, Software AG, and TIBCO, the S-RAMP specification defines an SOA repository artifact data model together with bindings that describe the syntax for interacting with an SOA repository. “The goal of this technical committee is to produce a standard that will eliminate the need to build customized access methods for each suppliers’ SOA repository offerings,” said Vincent Brunssen of IBM and chair of the OASIS S-RAMP Technical Committee. “A vendor-neutral approach to accessing the data in SOA repositories is essential to giving organizations the flexibility to select the tools that work best for their growing IT infrastructure.” S-RAMP builds on existing specifications including the SOA Ontology from The Open Group, the Atom Syndication Format Standard, and the Atom Publishing Protocol Standard from IETF. Participation in the S-RAMP Technical Committee is open to all interested parties. Archives of the Committee’s work are accessible to both members and non-members, and OASIS invites public review and comment. Support for S-RAMP IBM “Our clients want the choice and freedom that comes with the ability to access the data in their SOA repositories in multi-vendor environments. This is why IBM co-authored the original specification and are excited so many companies have joined the S-RAMP Technical Committee. This emerging industry standard is key to the future of SOA and helping clients use data to grow their business.” — Angel Luis Diaz, vice president of software standards Red Hat “Red Hat believes that the output of the S-RAMP Technical Committee is crucial to the next step in the evolution of SOA and is pleased to support this work.” — Dr. Mark Little, Senior Director of Engineering SOA Software “SOA Software is pleased to be a Sponsor member of the OASIS S-RAMP Technical Committee and is committed to driving requirements from its wide range of enterprise customers into the S-RAMP specification. As SOA adoption accelerates, IT organizations often need to access information from multiple SOA repositories. S-RAMP has great potential to enable customers to better integrate and build closed loop governance across repositories in the enterprise. Standards such as S-RAMP add value to customers as well as the whole SOA vendor ecosystem.” — Brent Carlson, SVP Technology Software AG “S-RAMP significantly advances the interoperability of tools that need to integrate with SOA repository solutions from various vendors. A vendor-neutral SOA repository information model and standard protocols to access data is a highly desirable advancement in this space. As co-authors of the S-RAMP specifications, Software AG is pleased to see this next major step in becoming an industry standard with the formation of the OASIS S-RAMP Technical Committee.” — Hans-Christoph Rohland, Senior Vice President-Research & Development Additional information: OASIS S-RAMP Technical Committee S-RAMP FAQ About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for SOA, security, cloud computing, Web services, the Smart Grid, content technologies, business transactions, emergency management, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users, and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org Press contact: Carol Geyer Senior Director of Communications and Development OASIS carol.geyer@oasis-open.org +1.781.425.5073 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 7 February 2011 — Members of the OASIS Key Management Interoperability Protocol (KMIP) Technical Committee will demonstrate their implementations of the open standard as part of the RSA Conference and Exposition in San Francisco, 14-18 February 2011. The team will show how KMIP enables communication between key management systems and cryptographically-enabled applications, including email, databases, and storage devices. Implementations from seven companies including Cryptsoft, Emulex, HP, IBM, High Density Devices, RSA, and SafeNet will be featured. The demo will provide a real-world view into how KMIP simplifies the way companies can manage cryptographic keys. Essential use cases such as generating, locating, retrieving, registering, and deleting keys will be incorporated. Support for a variety of cryptographic objects, including symmetric and asymmetric keys, digital certificates, and authentication tokens, will be featured. The demonstration will showcase implementations of KMIP version 1.0, which was officially approved as an OASIS Standard last October. The Technical Committee is currently developing version 2.0 of KMIP which will define new conformance profiles and address additional requirements including client registration. Support for KMIP Interop Emulex “Today’s enterprises operate in increasingly complex, multi-vendor environments. Emulex’s OneSecureTM infrastructure data loss prevention (DLP) solution maximizes data security, minimizes costs and is architected to comply with the KMIP OASIS Standard, providing superior access control capabilities,” said Shaun Walsh, vice president of marketing, Emulex. “The OASIS demonstration highlights the interoperability between Emulex OneCommandTM Guardian and OASIS members’ key management systems in data center and cloud computing environments.” HP “Businesses and governments want interoperable technology so they can redirect IT resources toward business innovation,” said Chris Whitener, chief security strategist at HP. “HP is committed to supporting the KMIP OASIS Standard and securing organizations with our broad portfolio of security products and service offerings.” RSA “As experts in cryptography, RSA believes strongly that effective use of encryption and other cryptographic capabilities requires that key management be an enterprise activity, supporting all of the enterprise’s cryptographic environments from a single enterprise key management infrastructure, ” said Robert Griffin, Chief Security Architect at RSA, the Security Division of EMC. “KMIP represents a significant step forward in securing information infrastructure, enabling support for interoperability between cryptographic clients and enterprise key management systems, while also reducing infrastructure costs and the risks in adopting cryptographic solutions.” SafeNet “Most enterprises today use individual encryption technologies to protect vital assets and to comply with regulatory requirements instead of adopting a holistic approach to cryptography. Key management is the foundation of encryption services and a vital element in overall security policy and assets management,” said Rami Shalom, vice president, product management, data encryption and control, SafeNet. “By supporting KMIP 1.0 and KMIP Profiles 1.0, now approved as OASIS Standards, and the 2.0 version that is in development, SafeNet enables its customers to centrally manage encryption efforts across the entire organization, address regulatory requirements, and get the most value out of encryption.” Complimentary passes to attend the OASIS KMIP Interop at RSA are available. Contact communications@oasis-open.org for details. Additional information: OASIS KMIP Technical Committee OASIS IDtrust Member Section About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for security, cloud computing, Web services, the Smart Grid, content technologies, business transactions, emergency management, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users, and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org Press contact: Carol Geyer Senior Director of Communications and Development OASIS carol.geyer@oasis-open.org +1.781.425.5073 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 12 January 2011 – The international open standards consortium, OASIS, has formed a new group to address the challenge of integrating privacy and security policies into systems and processes. The OASIS Privacy Management Reference Model (PMRM) Technical Committee will advance an open standards framework that will define rigorous and consistent ways to integrate ‘privacy by design’ into networked applications. PMRM will support emerging and complex cloud computing environments and help companies define architectures to support their privacy obligations, reduce the threat of policy breaches, and cope with the growing complexities of privacy risk management. “The OASIS Policy Management Reference Model (PMRM) is a long-awaited tool for assessing the comparability of various online privacy protection policies and practices. Not a policy itself but rather a tool, the PMRM will find broad uptake in e-commerce and e-gov implementations,” said Dr. Peter Alterman, senior advisor to the CIO, U.S. National Institutes of Health. “PMRM picks up where broad privacy policies and control statements leave off,” explained John Sabo of CA Technologies, co-chair of the OASIS PMRM Technical Committee. “Most policies describe fair information practices and principles but offer little insight to IT professionals who must build systems to support implementation. PMRM will provide a template for developing operational solutions to privacy issues and serve as a model for ensuring that privacy controls are in place across policy and enterprise boundaries in the growing cloud environment.” “Cloud computing and social networking are two of the drivers behind PMRM, which will target the needs of the Smart Grid, health care, finance, insurance, eDiscovery, geospatial, eGovernment, and other areas,” added Michael Willett, OASIS PMRM Committee co-chair. “To ensure compliance with privacy policies in critical areas like these, you need a standards-based structured model that is developed through stakeholder consensus in an open process. It’s absolutely essential to getting it right.” High-level support for PMRM is already in place. The International Security, Trust & Privacy Alliance (ISTPA) has contributed its Privacy Management Reference Model 2.0 as a starting point for the OASIS work. “To maintain compliance with privacy mandates in increasingly complex, global cloud environments, organizations will need a standards-based, network- and system-agnostic model for implementing policies across highly dynamic and virtualized computing environments,” said Donald F. Ferguson, CTO at CA Technologies. “As one of the industry’s leading providers of IT management solutions for the cloud and the virtualized data center, CA Technologies sees the OASIS PMRM TC as an important step forward in enabling customers to implement this kind of unified and adaptable model to fulfill their new privacy management requirements.” Participation in the PMRM Technical Committee is open to all interested parties, including privacy policy makers, privacy and security consultants, auditors, IT systems architects, and designers of systems that process personal information. Archives of the Committee’s work will be accessible to both members and non-members, and OASIS will invite public review and comment. Additional information: OASIS PMRM Technical Committee PMRM recorded webinar, webinar overview About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for security, cloud computing, Web services, the Smart Grid, content technologies, business transactions, emergency management, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users, and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org Press contact: Carol Geyer Senior Director of Communications and Development OASIS carol.geyer@oasis-open.org +1.781.425.5073 x209 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 16 December 2010 – The OASIS open standards consortium today announced approval of the Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of WS-Trust for Healthcare, version 1.0. The profile enables healthcare organizations to appropriately authorize access to healthcare information by leveraging the WS-Trust open standard. The XSPA Profile of WS-Trust is now an official OASIS Standard, a status that signifies the highest level of ratification. WS-Trust is the latest in the XSPA suite of security standard profiles for healthcare; other XSPA profiles include the Security Assertion Markup Language (SAML) and the Extensible Access Control Markup Language (XACML). The need for these XSPA profiles was identified by the security and privacy working group of the U.S. Healthcare Information Technology Standards Panel (HITSP), which is administered by the American National Standards Institute (ANSI). Mike Davis of the U.S. Department of Veterans Affairs noted, “This new profile, in conjunction with XPSA SAML and XACML, completes the effort undertaken by OASIS in support of the HITSP Access Control construct and the Nationwide Health Information Network. We are pleased to see OASIS now extending this effort to the international community.” “An extension of WS-Security, WS-Trust is widely used as an effective method for issuing security tokens, establishing trust relationships, and allowing information to be exchanged reliably. The XSPA Profile tailors WS-Trust for the specific needs of the healthcare industry by providing common semantics and vocabularies for fine-grained access control,” said David Staggs, co-chair of the OASIS XSPA Technical Committee. “We’re giving healthcare providers the mechanisms they need to authenticate, administer, and enforce the authorization policies that control access to protected information, such as consent directives and privacy policies,” added Anil Saldhana of Red Hat, co-chair of the OASIS XSPA Technical Committee. “Using the XSPA Profile of WS-Trust, administrators can manage the accessibility of protected information, regardless of whether that information resides within their healthcare facility or with another provider.” Duane DeCouteau of Ascenda Healthcare noted, “The XSPA Profile of WS-Trust will allow a personal health record (PHR) application to easily communicate a user’s privacy settings to multiple organizations using trusted credentials appropriate to each organization specified by the PHR owner.” Participation in the OASIS XSPA Technical Committee is open to all companies, non-profit groups, governments, academic institutions, and individuals. As with all OASIS projects, archives of the Committees’ work are accessible to both members and non-members, and OASIS hosts an open mailing list for public comment. Support for XSPA Profile of WS-Trust Jericho Systems “As the healthcare industry moves toward establishing health information exchanges, Jericho Systems remains steadfast in its dedication toward developing and supporting standards that address patient privacy and security needs. With the introduction of XSPA, OASIS has taken a critical step toward defining the way healthcare constituents exchange privacy policies, consent directives, and authorizations. Jericho Systems firmly believes in the benefits provided by XSPA and is excited to be part of this industry-reforming authorization standard.” –Imran Chaudhari, Director of Projects and Integration, Jericho Systems Oracle “Oracle is pleased to have worked with the healthcare community to develop the XSPA Profile of WS-Trust. By providing a standard model for managing access to healthcare data, the specification will aid the creation of healthcare information systems which are both secure and open.” — Prateek Mishra, director, Identity Standards, Oracle Additional information: OASIS XSPA Technical Committee About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) drives the development, convergence, and adoption of open standards for the global information society. A not-for-profit consortium, OASIS advances standards for SOA, security, Web services, documents, e-commerce, government and law, localisation, supply chains, XML processing, and other areas of need identified by its members. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org Press contact: Carol Geyer OASIS Senior Director, Communications carol.geyer@oasis-open.org +1 (781) 425-5073 x209

Boston, MA, USA; 14 December 2010 – The OASIS open standards consortium today announced that its members have approved DITA version 1.2 as an OASIS Standard, a status that signifies the highest level of ratification. DITA defines an XML architecture for designing, writing, managing, and publishing many kinds of information in print and on the Web. DITA is widely used for books, technical manuals, help files, training, and multimedia authoring because of its modular, topic-based approach and its ability to support content reuse. DITA 1.2 is now an official OASIS Standard, a status that signifies the highest level of ratification. DITA 1.2 defines a set of document types for authoring and organizing topic-oriented information as well as a set of mechanisms for combining, extending, and constraining document types. Other features include a new Learning and Training Specialization, which provides support for educational applications, and a Hazard Statement and Machinery Task Specialization, which makes DITA extremely useful for machinery documentation. “This new version of DITA incorporates community suggestions that will help content developers create and deliver more kinds of information in more ways than ever,” said Don Day, chair of the OASIS DITA Technical Committee. “The constraints mechanism can be used to remove unneeded tags from the authoring environment, depending on the type of document. Managing and reusing content is more efficient with indirect ‘keyref’ addressing using user-defined keys, and with extensions to conref, such as pushing updates into already published content.” “Many vendors have already updated their products to support DITA 1.2, and several organizations have begun authoring in the new version and taking advantage of its advanced features,” noted OASIS DITA Adoption Committee co-chairs, Gershon Joseph of Cisco and JoAnn Hackos of Comtech. Participation in the OASIS DITA Technical Committee and the DITA Adoption Committee is open to all companies, non-profit groups, governments, academic institutions, and individuals. As with all OASIS projects, archives of the Committees’ work are accessible to both members and non-members, and OASIS hosts an open mailing list for public comment. Support for DITA 1.2 Comtech Services “As an enthusiastic promoter of the DITA standard globally, I am pleased that the OASIS community has demonstrated its support for DITA 1.2. Comtech Services looks forward to bringing the additions and improvements in the specification to the attention of technical publications professionals and others engaged in the development of useful and usable information. DITA 1.2 promises to contribute to the already impressive productivity gains and cost savings that the DITA standard has enabled since its original approval in 2004. Thanks to the DITA community for the hard work that went into its development and release.” — JoAnn Hackos, president, Comtech IBM “From its inception, DITA has been a central part of IBM’s content strategy. As our strategy evolves, DITA does with it, bringing new classification capabilities and enhanced reuse that provide a better content experience for both our authors and our customers. DITA 1.2 gives us the ability to develop new capabilities like dynamic publishing and personalization without compromising our existing enterprise processes and requirements. Many features of DITA 1.2 are already well validated in use at IBM, and it continues to grow into new areas and applications, providing the common denominator for semantic content across the enterprise.” — Eileen Jones, Director, IBM Corporation Information Development and Information Quality Executive Nokia “Nokia is pleased with the standardization of DITA 1.2. The DITA information architecture plays a key role in supporting content exchange, and the new features in DITA 1.2 further enable single-sourcing and reuse of content.” — Frederick Hirsch, Senior Architect at Nokia Oracle “Leading edge companies from around the world have embraced DITA for large scale, topic-oriented content. DITA 1.2 represents the next evolutionary link in information typing for modern systems. It is a more flexible, powerful and pervasive solution for enterprise content to help users significantly drive down the cost of content development and translation.” — Don Deutsch, vice president Standards Strategy and Architecture, Oracle PTC “PTC welcomes the new DITA 1.2 standard, which offers additional content flexibility and robust support for reuse. DITA 1.2 opens the door to the use of key references, streamlining specializations and implementing a powerful Learning and Training solution. It’s exciting for PTC to continue influencing and shaping a standard that is widely used by so many diverse customers and industries.” — Mike Sundquist, vice president product management, PTC SAP “DITA 1.2, containing the learning and training elements, supports the requirements for industrialized knowledge transfer content production at SAP. The DITA content architecture provides us with the standardization and flexibility to efficiently produce and deliver for our customers multi-modular and multi-modal training content in several languages. At the same time, it enables us to scale content production with our partner ecosystem. We continue to actively participate in the OASIS DITA Technical Committee to further evolve this standard to also serve future upcoming challenges, such as collaborative and mobile learning approaches.” — Kurt Bauer, senior vice president of Knowledge Productization Services, SAP Education SDL “SDL has seen rapid adoption of DITA and SDL’s Component Content Management system over the past few years by companies focused on global markets. DITA 1.2 promises to deliver even more ROI and help move DITA beyond technical publications into other parts of the organization. SDL Trisoft 2011, which was released this past September, already contains robust support for the new DITA 1.2 standard.” — Kristen Eberlein, SDL’s DITA architect Additional information: OASIS DITA Technical Committee OASIS DITA Adoption Committee About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) drives the development, convergence, and adoption of open standards for the global information society. A not-for-profit consortium, OASIS advances standards for content technologies, SOA, security, Web services, cloud computing, emergency management, e-commerce, e-government, and other areas of need identified by its members. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org Press contact: Carol Geyer OASIS Senior Director, Communications carol.geyer@oasis-open.org +1 (781) 425-5073 x209

Boston, MA, USA; 6 December 2010 – The OASIS open standards consortium today announced approval of the Extensible Resource Descriptor (XRD) version 1.0. XRD defines a simple generic format for describing and discovering resources that is independent of the format of the resource or the transport protocol used to interact with it . The new standard provides a way to express the properties and link relations of any resource identified by a URI. XRD is now an official OASIS Standard, a status that signifies the highest level of ratification. The XRD document for a resource is particularly useful for discovering its relationship to other resources. For example, an XRD document for a web page about an upcoming meeting could provide the location of the organizer’s schedule so that a different time could be negotiated. The XRD for a social network profile page could identify the location of the user’s address book as well as accounts on other sites. “We intentionally designed XRD to be as simple as possible but no simpler, so that it can be used for many different resource description and discovery purposes,” explained Peter Davis of Neustar, co-chair of the OASIS Extensible Resource Identifier (XRI) Technical Committee. “HTML and Atom link elements both require access to the representation of the resource, but this isn’t always possible,” added Drummond Reed, co-chair of the OASIS XRI Technical Committee. “XRD conveys the link relations of a resource without requiring access to a representation of the resource itself.” Participation in the OASIS XRI Technical Committee is open to all companies, non-profit groups, governments, academic institutions, and individuals. As with all OASIS projects, archives of the Committee’s work are accessible to both members and non-members, and OASIS hosts an open mail list for public comment. Additional information: OASIS XRI Technical Committee About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) drives the development, convergence, and adoption of open standards for the global information society. A not-for-profit consortium, OASIS advances standards for SOA, security, Web services, content technologies, e-commerce, cloud computing, emergency management, e-government, and other areas of need identified by its members. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org Press contact: Carol Geyer OASIS Senior Director, Communications carol.geyer@oasis-open.org +1 (781) 425-5073 x209

San Antonio, TX, USA; 1 November 2010 – This week, members of the OASIS open standards consortium demonstrated their ability to transmit information using the Emergency Data Exchange Language (EDXL) suite of standards including the Common Alerting Protocol (CAP). CAP was recently adopted by the DHS Federal Emergency Management Agency (FEMA) as the new digital message format for the Integrated Public Alert and Warning System (IPAWS). The interoperability demonstration between OASIS and IPAWS was featured at the International Association of Emergency Managers (IAEM) conference in San Antonio. In the OASIS booth, vendors and government agencies exchanged emergency management information with one another as part of a simulation involving a chemical leak and subsequent hurricane. Some CAP messages were also exchanged with the adjacent FEMA IPAWS booth,.where they were broadcast via an expanded Emergency Alert System (EAS) to a variety of broadcasting mediums, including radio, television, mobile phones, and personal computers. The OASIS demo showed how authorities, responders, broadcasters, and other services providers can use EDXL to enact a concerted, coordinated emergency response. OASIS standards were employed to inform and coordinate response involving a Hazmat team, police, public works officials, firefighters, paramedics, and the Red Cross. Participants in the OASIS demo included Desktop Alert and Warning Systems, Inc. (WSI), as well as the DHS, FEMA, NOAA, Collaborative Fusion Inc, Safe Environment Engineering, and Solace Systems. “The IPAWS Program Office is pleased to take part in interoperability demonstrations at IAEM and is looking forward to increased participation from the vendor community to advance public alert and warning,” said Antwane V. Johnson, IPAWS Division Director. “The OASIS Interop at IAEM is an excellent opportunity for emergency management practitioners to see first-hand how WSI’s warning and notification products perform in a real-world emergency situation. Our AdaptAlertTM system will interface with products from other companies in the Interop’s ammonia leak and weather scenarios to receive CAP 1.2 IPAWS Profile messages to activate broadcaster EAS equipment. This complements our AdaptAlert Radio Frequency systems that can activate sirens, tone pagers and tone alert receivers,” said Patrick J. Gannon, President and COO, WSI. Additional information: OASIS Emergency Management Technical Committee OASIS Emergency Adoption Committee About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) drives the development, convergence, and adoption of open standards for the global information society. A not-for-profit consortium, OASIS advances standards for emergency management, security, content management, e-commerce, and other areas of need identified by its members. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org Press contact: Carol Geyer Senior Director of Communications and Development OASIS carol.geyer@oasis-open.org +1.781.425.5073 (office) +1.941.284.0403 (mobile)

Boston, MA, USA; 14 October 2010 — The OASIS open standards consortium today announced approval of the Key Management Interoperability Protocol (KMIP) version 1.0. Developed through a collaboration of more than 30 vendors and end user organizations, KMIP enables communication between key management systems and cryptographically-enabled applications, including email, databases, and storage devices. KMIP and the related KMIP Profiles are now official OASIS Standards, a status that signifies the highest level of ratification. “KMIP fills a real void,” said Jon Oltsik, Principal Analyst at the Enterprise Strategy Group. “The challenge of administering multiple data security systems has become more widespread as new technologies with built-in encryption gain acceptance. KMIP can succeed, not only because of the breadth of devices it supports, but also because of the very clear rules it imposes on methods of key management communication.” KMIP simplifies the way companies manage cryptographic keys, eliminating the need for redundant, incompatible key management processes. Key lifecycle management — including the generation, submission, retrieval, and deletion of cryptographic keys — is enabled by the standard. Designed for use by both legacy and new cryptographic applications, KMIP supports many kinds of cryptographic objects, including symmetric keys, asymmetric keys, digital certificates, and authentication tokens. “KMIP enables a new generation of enterprise key management, fully interoperable across the broad range of cryptographic capabilities that are required for effective security,” said Robert Griffin of EMC/RSA, co-chair of the OASIS KMIP Technical Committee. “KMIP’s approval as an OASIS Standard represents a milestone for all enterprises that are concerned with the security of their information, identities, and infrastructure.” “Development of KMIP was enriched by participation from across the public and private sectors,” added Subhash Sankuratripati of NetApp, co-chair of the OASIS KMIP Technical Committee. “In addition to having most of the major software and security vendors involved, government agencies including U.S. NIST and NSA, and large end users, including Aetna and Target, also contributed.” KMIP is offered for implementation on a royalty-free basis. Participation in the OASIS KMIP Technical Committee is open to all companies, non-profit groups, governments, academic institutions, and individuals. As with all OASIS projects, archives of the Committees’ work are accessible to both members and non-members, and OASIS hosts an open mail list for public comment. Support for KMIP Brocade “Brocade has always been committed to providing innovative, standards-based technologies and we are pleased to be a part of the OASIS committee,” said Martin Skagen senior director of network systems architecture at Brocade. “With the introduction of the new Key Management Interoperability Protocol and the KMIP Profiles standards we are able to protect valuable digital assets across the entire enterprise data center environment, from encryption systems to enterprise applications.” CA Technologies “The IT industry today is enabling commerce and improving efficiencies on a global scale. In order to help ensure these business transactions and operations are secure, encryption is widely used, making encryption key management a critical issue,” said Tim Brown, chief security architect and senior vice president, CA Technologies. “The adoption of the cloud will compound encryption use and add to the complexity of the key management. CA Technologies sees the KMIP standard as a important step toward enabling scalable key management solutions and seamless interoperability across a variety of encryption products and vendors.” IBM “KMIP dramatically increases data center security by introducing the first open standard protocol for key management. The protocol enables interoperable solutions for the automated management of the lifecycle of cryptographic keys, which will be beneficial for cloud storage and computing,” said Dr. Robert Haas, manager of Storage Systems Research at IBM Research — Zurich, co-editor of KMIP 1.0. HP “In order to thrive, organizations must collaborate by sharing data across employees, suppliers, partners and customers while maintaining high levels of data security and compliance,” said Chris Whitener, HP’s chief security strategist. “HP’s investment in developing the new KMIP OASIS Standard demonstrates our commitment to simplified, secure, converged IT infrastructures using efficient key management to protect data security and privacy.” EMC “RSA and EMC are very pleased to see the approval of KMIP 1.0 as an OASIS Standard. We have been a leader in and contributor to this effort since its very beginning, when we were responding to the needs of customers who demanded strong key management systems,” said Bret Hartman, chief technology officer, RSA, The Security Division of EMC. “We look forward to seeing KMIP implemented across the industry, enabling a security ecosystem that fully supports enterprises in their move towards virtualization and cloud.” SafeNet “In order to protect vital assets and address regulatory requirements, enterprises are becoming increasingly reliant upon encryption. However, in most enterprises, encryption has been managed in a disparate, ad hoc fashion, which can present risks to the security of information, result in data loss, and prove very costly,” said Rami Shalom, vice president, product management, data encryption and control, SafeNet. “By supporting KMIP 1.0 and KMIP Profiles 1.0, now approved as OASIS Standards, SafeNet will enable its customers to centrally manage encryption efforts across the entire organization, address regulatory requirements, and get the most value out of encryption.” Vormetric “Vormetric’s mission is to simplify encryption and key management for the enterprise. To that end, we have been very pleased to play our part in advancing the OASIS KMIP key management standard,” said Richard Gorman, president and CEO of Vormetric. Additional information: OASIS KMIP Technical Committee Cover Pages: KMIP References About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) drives the development, convergence, and adoption of open standards for the global information society. A not-for-profit consortium, OASIS advances standards for SOA, security, Web services, documents, e-commerce, government and law, localisation, supply chains, XML processing, and other areas of need identified by its members. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org Press contact: Carol Geyer OASIS Senior Director, Communications carol.geyer@oasis-open.org +1 (781) 425-5073 x209