Project news

15-day Public Reviews for 11 #KMIP Committee Specification Drafts and 2 KMIP Committee Note Drafts

The OASIS Key Management Interoperability Protocol (KMIP) TC [1] members have recently approved 11 Committee Specification Drafts (CSD) and 2 Committee Note Drafts (CND) and submitted them for 15-day public review:

Key Management Interoperability Protocol Specification Version 1.2
Committee Specification Draft 02 / Public Review Draft 02
19 June 2014

Key Management Interoperability Protocol Profiles Version 1.2
Committee Specification Draft 02 / Public Review Draft 02
19 June 2014

KMIP Additional Message Encodings Version 1.0
Committee Specification Draft 02 / Public Review Draft 02
19 June 2014

KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0
Committee Specification Draft 02 / Public Review Draft 02
19 June 2014

KMIP Symmetric Key Lifecycle Profile Version 1.0
Committee Specification Draft 02 / Public Review Draft 02
19 June 2014

KMIP Tape Library Profile Version 1.0
Committee Specification Draft 02 / Public Review Draft 02
19 June 2014

KMIP Cryptographic Services Profile Version 1.0
Committee Specification Draft 02 / Public Review Draft 02
19 June 2014

KMIP Asymmetric Key Lifecycle Profile Version 1.0
Committee Specification Draft 02 / Public Review Draft 02
19 June 2014

KMIP Symmetric Key Foundry for FIPS 140-2 Profile Version 1.0
Committee Specification Draft 02 / Public Review Draft 02
19 June 2014

KMIP Opaque Managed Object Store Profile Version 1.0
Committee Specification Draft 02 / Public Review Draft 02
19 June 2014

KMIP Suite B Profile Version 1.0
Committee Specification Draft 02 / Public Review Draft 02
19 June 2014

Key Management Interoperability Protocol Test Cases Version 1.2
Committee Note Draft 02 / Public Review Draft 02
19 June 2014

Key Management Interoperability Protocol Usage Guide Version 1.2
Committee Note Draft 02 / Public Review Draft 02
19 June 2014

Specification Overview:

These documents are intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol Specification.

KMIP v1.2 enhances the KMIP v1.1 standard (established in February 2013) by: 

1) defining new functionality in the protocol to improve interoperability; 

2) defining additional Test Cases for verifying and validating the new functionality; 

3) providing additional information in the KMIP Usage Guide to assist in effective implementation of KMIP in key management clients and servers; and 

4) defining new profiles for establishing KMIP-compliant implementations. 

The Key Management Interoperability Protocol (KMIP) is a single, comprehensive protocol for communication between clients that request any of a wide range of encryption keys and servers that store and manage those keys. By replacing redundant, incompatible key management protocols, KMIP provides better data security while at the same time reducing expenditures on multiple products. 

These documents are intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol Specification. 

– Key Management Interoperability Protocol Specification Version 1.2 provides the core specification. 

– Key Management Interoperability Protocol Profiles Version 1.2 define a set of normative constraints for employing KMIP within a particular environment or context of use. They may, optionally, require the use of specific KMIP functionality or in other respects define the processing rules to be followed by profile actors.

– KMIP Additional Message Encodings Version 1.0 describes additional (optional) message encodings as an alternative to the (mandatory) raw TTLV encoding including: HTTP, JSON, and XML. 

– KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0 describes a profile for Storage Arrays with Self-Encrypting Drives as KMIP clients interacting with KMIP servers. 

– KMIP Symmetric Key Lifecycle Profile Version 1.0 describes a profile for a KMIP server performing symmetric key lifecycle operations based on requests received from a KMIP client.

– KMIP Tape Library Profile Version 1.0 describes a profile for Tape Libraries as KMIP clients interacting with KMIP servers. 

– KMIP Cryptographic Services Profile Version 1.0 describes the use of KMIP operations to support cryptographic services being performed by a KMIP server on behalf of a KMIP client for key management operations. 

– KMIP Asymmetric Key Lifecycle Profile Version 1.0 describes a profile for a KMIP server performing asymmetric key lifecycle operations based on requests received from a KMIP client. 

– KMIP Symmetric Key Foundry for FIPS 140-2 Profile Version 1.0 describes a profile for a KMIP server creating FIPS140-2 approved symmetric key algorithms based on requests received from a KMIP client.

– KMIP Opaque Managed Object Store Profile Version 1.0 describes a profile for a KMIP server performing opaque managed object storage operations based on requests received from a KMIP client. 

– KMIP Suite B Profile Version 1.0 describes a profile for KMIP clients and KMIP servers using Suite B cryptography that has been approved by NIST for use by the U.S. Government and specified in NIST standards or recommendations. 

– Key Management Interoperability Protocol Test Cases Version 1.2 is intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol specification. 

– Key Management Interoperability Protocol Usage Guide Version 1.2 is intended to complement the Key Management Interoperability Protocol Specification by providing guidance on how to implement KMIP most effectively to ensure interoperability and to address key management usage scenarios. 

Public Review Period:

The public review starts 09 September 2014 at 00:00 UTC and ends 23 September 2014 at 23:59 UTC.

These specifications and notes were previously submitted for public reviews [2]. This 15-day review is limited in scope to changes made from the previous review. Changes are highlighted in the diff-marked PDF files [3].

This is an open invitation to comment. OASIS solicits feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

URIs:

The prose specification documents and related files are available here:

– Key Management Interoperability Protocol Specification Version 1.2

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/spec/v1.2/csprd02/kmip-spec-v1.2-csprd02.doc

HTML:
http://docs.oasis-open.org/kmip/spec/v1.2/csprd02/kmip-spec-v1.2-csprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/spec/v1.2/csprd02/kmip-spec-v1.2-csprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/spec/v1.2/csprd02/kmip-spec-v1.2-csprd02.pdf

– Key Management Interoperability Protocol Profiles Version 1.2

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/profiles/v1.2/csprd02/kmip-profiles-v1.2-csprd02.doc

HTML:
http://docs.oasis-open.org/kmip/profiles/v1.2/csprd02/kmip-profiles-v1.2-csprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/profiles/v1.2/csprd02/kmip-profiles-v1.2-csprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/profiles/v1.2/csprd02/kmip-profiles-v1.2-csprd02.pdf

– KMIP Additional Message Encodings Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-addtl-msg-enc/v1.0/csprd02/kmip-addtl-msg-enc-v1.0-csprd02.doc

HTML:
http://docs.oasis-open.org/kmip/kmip-addtl-msg-enc/v1.0/csprd02/kmip-addtl-msg-enc-v1.0-csprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/kmip-addtl-msg-enc/v1.0/csprd02/kmip-addtl-msg-enc-v1.0-csprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/kmip-addtl-msg-enc/v1.0/csprd02/kmip-addtl-msg-enc-v1.0-csprd02.pdf

– KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-sa-sed-profile/v1.0/csprd02/kmip-sa-sed-profile-v1.0-csprd02.doc

HTML:
http://docs.oasis-open.org/kmip/kmip-sa-sed-profile/v1.0/csprd02/kmip-sa-sed-profile-v1.0-csprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/kmip-sa-sed-profile/v1.0/csprd02/kmip-sa-sed-profile-v1.0-csprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/kmip-sa-sed-profile/v1.0/csprd02/kmip-sa-sed-profile-v1.0-csprd02.pdf

– KMIP Symmetric Key Lifecycle Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-sym-key-profile/v1.0/csprd02/kmip-sym-key-profile-v1.0-csprd02.doc

HTML:
http://docs.oasis-open.org/kmip/kmip-sym-key-profile/v1.0/csprd02/kmip-sym-key-profile-v1.0-csprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/kmip-sym-key-profile/v1.0/csprd02/kmip-sym-key-profile-v1.0-csprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/kmip-sym-key-profile/v1.0/csprd02/kmip-sym-key-profile-v1.0-csprd02.pdf

– KMIP Tape Library Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-tape-lib-profile/v1.0/csprd02/kmip-tape-lib-profile-v1.0-csprd02.doc

HTML:
http://docs.oasis-open.org/kmip/kmip-tape-lib-profile/v1.0/csprd02/kmip-tape-lib-profile-v1.0-csprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/kmip-tape-lib-profile/v1.0/csprd02/kmip-tape-lib-profile-v1.0-csprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/kmip-tape-lib-profile/v1.0/csprd02/kmip-tape-lib-profile-v1.0-csprd02.pdf

– KMIP Cryptographic Services Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-cs-profile/v1.0/csprd02/kmip-cs-profile-v1.0-csprd02.doc

HTML:
http://docs.oasis-open.org/kmip/kmip-cs-profile/v1.0/csprd02/kmip-cs-profile-v1.0-csprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/kmip-cs-profile/v1.0/csprd02/kmip-cs-profile-v1.0-csprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/kmip-cs-profile/v1.0/csprd02/kmip-cs-profile-v1.0-csprd02.pdf

– KMIP Asymmetric Key Lifecycle Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-asym-key-profile/v1.0/csprd02/kmip-asym-key-profile-v1.0-csprd02.doc

HTML:
http://docs.oasis-open.org/kmip/kmip-asym-key-profile/v1.0/csprd02/kmip-asym-key-profile-v1.0-csprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/kmip-asym-key-profile/v1.0/csprd02/kmip-asym-key-profile-v1.0-csprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/kmip-asym-key-profile/v1.0/csprd02/kmip-asym-key-profile-v1.0-csprd02.pdf

– KMIP Symmetric Key Foundry for FIPS 140-2 Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-sym-foundry-profile/v1.0/csprd02/kmip-sym-foundry-profile-v1.0-csprd02.doc

HTML:
http://docs.oasis-open.org/kmip/kmip-sym-foundry-profile/v1.0/csprd02/kmip-sym-foundry-profile-v1.0-csprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/kmip-sym-foundry-profile/v1.0/csprd02/kmip-sym-foundry-profile-v1.0-csprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/kmip-sym-foundry-profile/v1.0/csprd02/kmip-sym-foundry-profile-v1.0-csprd02.pdf

– KMIP Opaque Managed Object Store Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-opaque-obj-profile/v1.0/csprd02/kmip-opaque-obj-profile-v1.0-csprd02.doc

HTML:
http://docs.oasis-open.org/kmip/kmip-opaque-obj-profile/v1.0/csprd02/kmip-opaque-obj-profile-v1.0-csprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/kmip-opaque-obj-profile/v1.0/csprd02/kmip-opaque-obj-profile-v1.0-csprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/kmip-opaque-obj-profile/v1.0/csprd02/kmip-opaque-obj-profile-v1.0-csprd02.pdf

– KMIP Suite B Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-suite-b-profile/v1.0/csprd02/kmip-suite-b-profile-v1.0-csprd02.doc

HTML:
http://docs.oasis-open.org/kmip/kmip-suite-b-profile/v1.0/csprd02/kmip-suite-b-profile-v1.0-csprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/kmip-suite-b-profile/v1.0/csprd02/kmip-suite-b-profile-v1.0-csprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/kmip-suite-b-profile/v1.0/csprd02/kmip-suite-b-profile-v1.0-csprd02.pdf

– Key Management Interoperability Protocol Test Cases Version 1.2

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/testcases/v1.2/cnprd02/kmip-testcases-v1.2-cnprd02.doc

HTML:
http://docs.oasis-open.org/kmip/testcases/v1.2/cnprd02/kmip-testcases-v1.2-cnprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/testcases/v1.2/cnprd02/kmip-testcases-v1.2-cnprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/testcases/v1.2/cnprd02/kmip-testcases-v1.2-cnprd02.pdf

– Key Management Interoperability Protocol Usage Guide Version 1.2

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/ug/v1.2/cnprd02/kmip-ug-v1.2-cnprd02.doc

HTML:
http://docs.oasis-open.org/kmip/ug/v1.2/cnprd02/kmip-ug-v1.2-cnprd02.html

HTML with comment tags:
http://docs.oasis-open.org/kmip/ug/v1.2/cnprd02/kmip-ug-v1.2-cnprd02-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/kmip/ug/v1.2/cnprd02/kmip-ug-v1.2-cnprd02.pdf

ZIP distribution file (complete):

For your convenience, OASIS provides complete packages of the prose specifications and related files in ZIP distribution files. You can download these ZIP files here:

– Key Management Interoperability Protocol Specification Version 1.2:
http://docs.oasis-open.org/kmip/spec/v1.2/csprd02/kmip-spec-v1.2-csprd02.zip

– Key Management Interoperability Protocol Profiles Version 1.2:
http://docs.oasis-open.org/kmip/profiles/v1.2/csprd02/kmip-profiles-v1.2-csprd02.zip

– KMIP Additional Message Encodings Version 1.0:
http://docs.oasis-open.org/kmip/kmip-addtl-msg-enc/v1.0/csprd02/kmip-addtl-msg-enc-v1.0-csprd02.zip

– KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-sa-sed-profile/v1.0/csprd02/kmip-sa-sed-profile-v1.0-csprd02.zip

– KMIP Symmetric Key Lifecycle Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-sym-key-profile/v1.0/csprd02/kmip-sym-key-profile-v1.0-csprd02.zip

– KMIP Tape Library Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-tape-lib-profile/v1.0/csprd02/kmip-tape-lib-profile-v1.0-csprd02.zip

– KMIP Cryptographic Services Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-cs-profile/v1.0/csprd02/kmip-cs-profile-v1.0-csprd02.zip

– KMIP Asymmetric Key Lifecycle Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-asym-key-profile/v1.0/csprd02/kmip-asym-key-profile-v1.0-csprd02.zip

– KMIP Symmetric Key Foundry for FIPS 140-2 Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-sym-foundry-profile/v1.0/csprd02/kmip-sym-foundry-profile-v1.0-csprd02.zip

– KMIP Opaque Managed Object Store Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-opaque-obj-profile/v1.0/csprd02/kmip-opaque-obj-profile-v1.0-csprd02.zip

– KMIP Suite B Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-suite-b-profile/v1.0/csprd02/kmip-suite-b-profile-v1.0-csprd02.zip

– Key Management Interoperability Protocol Test Cases Version 1.2:
http://docs.oasis-open.org/kmip/testcases/v1.2/cnprd02/kmip-testcases-v1.2-cnprd02.zip

– Key Management Interoperability Protocol Usage Guide Version 1.2:
http://docs.oasis-open.org/kmip/ug/v1.2/cnprd02/kmip-ug-v1.2-cnprd02.zip

Additional information about the specification and the OASIS Key Management Interoperability Protocol (KMIP) TC can be found at the TC’s public home page:

https://www.oasis-open.org/committees/kmip/

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page, or directly at:

https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=kmip

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:

https://lists.oasis-open.org/archives/kmip-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with these public reviews of 11 KMIP Committee Specification Drafts and 2 Committee Note Drafts, we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification. 

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

========== Additional references:

[1] OASIS Key Management Interoperability Protocol (KMIP) TC
http://www.oasis-open.org/committees/kmip/

[2] Previous public reviews:
– 30-day public review, 19 February 2014: https://lists.oasis-open.org/archives/tc-announce/201402/msg00008.html
– Comment resolution log (master log copied to each csprd directory): http://docs.oasis-open.org/kmip/spec/v1.2/csprd01/KMIP-v1.2-csprd01-pub-rev-comments-final.xlsx

– 30 day public review, Key Management Interoperability Protocol Profiles Version 1.2, 07 April 2014: https://lists.oasis-open.org/archives/tc-announce/201404/msg00000.html
– Comment resolution log: http://docs.oasis-open.org/kmip/profiles/v1.2/csprd01/KMIP-v1.2-csprd01-pub-rev-comments-final.xlsx

[3] Redlined DIFF files:

– Key Management Interoperability Protocol Specification Version 1.2:
http://docs.oasis-open.org/kmip/spec/v1.2/csprd02/kmip-spec-v1.2-csprd02-diff.pdf

– Key Management Interoperability Protocol Profiles Version 1.2:
http://docs.oasis-open.org/kmip/profiles/v1.2/csprd02/kmip-profiles-v1.2-csprd02-diff.pdf

– KMIP Additional Message Encodings Version 1.0:
http://docs.oasis-open.org/kmip/kmip-addtl-msg-enc/v1.0/csprd02/kmip-addtl-msg-enc-v1.0-csprd02-diff.pdf

– KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-sa-sed-profile/v1.0/csprd02/kmip-sa-sed-profile-v1.0-csprd02-diff.pdf

– KMIP Symmetric Key Lifecycle Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-sym-key-profile/v1.0/csprd02/kmip-sym-key-profile-v1.0-csprd02-diff.pdf

– KMIP Tape Library Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-tape-lib-profile/v1.0/csprd02/kmip-tape-lib-profile-v1.0-csprd02-diff.pdf

– KMIP Cryptographic Services Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-cs-profile/v1.0/csprd02/kmip-cs-profile-v1.0-csprd02-diff.pdf

– KMIP Asymmetric Key Lifecycle Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-asym-key-profile/v1.0/csprd02/kmip-asym-key-profile-v1.0-csprd02-diff.pdf

– KMIP Symmetric Key Foundry for FIPS 140-2 Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-sym-foundry-profile/v1.0/csprd02/kmip-sym-foundry-profile-v1.0-csprd02-diff.pdf

– KMIP Opaque Managed Object Store Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-opaque-obj-profile/v1.0/csprd02/kmip-opaque-obj-profile-v1.0-csprd02-diff.pdf

– KMIP Suite B Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-suite-b-profile/v1.0/csprd02/kmip-suite-b-profile-v1.0-csprd02-diff.pdf

– Key Management Interoperability Protocol Test Cases Version 1.2:
http://docs.oasis-open.org/kmip/testcases/v1.2/cnprd02/kmip-testcases-v1.2-cnprd02-diff.pdf

– Key Management Interoperability Protocol Usage Guide Version 1.2:
http://docs.oasis-open.org/kmip/ug/v1.2/cnprd02/kmip-ug-v1.2-cnprd02-diff.pdf

[4] http://www.oasis-open.org/who/intellectualproperty.php

[5] http://www.oasis-open.org/committees/kmip/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#s10.2.2
RF on RAND Mode