OASIS PKCS 11 Technical Committee

The purpose of the PKCS 11 Technical Committee is the on-going enhancement and maintenance of the PKCS #11 standard, widely used across the industry as a core specification for cryptographic services. The PKCS #11 standard, originally developed under the leadership of RSA Laboratories, specifies an API, called Cryptoki, for devices which hold cryptographic information and perform cryptographic functions. The API follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices), presenting to applications a common, logical view of the device called a cryptographic token.

The committee will address requirements for enhancements to and maintenance of the PKCS #11 standard as an API for devices that may hold cryptographic information and may perform cryptographic functions. These requirements include such areas as new mechanisms for instrumentation of the PKCS #11 application programming interface. Other areas of in-scope activity for the committee include the specification of new PKCS #11 functionality in support of integration with other standards, particularly OASIS Key Management Interoperability Protocol (KMIP). The committee will also engage in activities that support effective and interoperable implementation of PKCS #11, including such activities as developing guidance on the use of PKCS #11, supporting interoperability testing and coordination of reference implementations.

The initial goal of the OASIS PKCS 11 Technical Committee is to finalize the current draft work on V2.30 of the PKCS #11 Specification, based on the contributions listed in (2)(h)", within 12 to 18 months of the first meeting. Inclusion of additional mechanisms and other enhancements will also be considered for this release, to the extent that they can be accommodated within a reasonable time-frame. The deliverable for this initial work is the following:

• PKCS #11 Specification. This provides the normative expression of the application programming interface, including objects, attributes, operations, mechanisms and other elements. The specification may be created as a single document or (as is the case with the current draft) or in multiple parts to facilitate ease-of-use of the standard.

The PKCS #11 Specification will be the primary on-going deliverable of the TC. However, as part of its continuing work, the PKCS 11 TC will also support activities to encourage adoption of the PKCS #11 standard. These activities and related deliverables are anticipated to include:

• Development of PKCS #11 Test Cases documentation, describing test scenarios and implementation details for purposes of validating PKCS #11 functionality and verifying interoperability across PKCS #11 implementations.
• Development of PKCS #11 Profiles documentation, containing profiles that enable PKCS #11 implementations to claim conformance to specific sets of PKCS #11 functionality.
• Development of PKCS #11 Usage Guide documentation, providing guidance on the use of PKCS #11 functionality
• Development of PKCS #11 Errata documentation, if and as needed.
• Definition of integration mechanism for use of PKCS #11 with other standards, such as OASIS KMIP.
• Coordination of functional testing validating PKCS #11 functionality
• Coordination of interoperability testing across PKCS #11 implementations as interoperability sessions to test effectiveness of the specification
• Coordination of efforts to develop reference implementations of PKCS #11

The PKCS 11 TC is anticipated to operate under RF on RAND mode of the OASIS IPR Policy.

PKCS #11 is intended for architects, designers and implementers of providers and consumers of cryptographic services.

Work group business and proceedings will be conducted in English.