60-day Public Reviews for 11 #KMIP Candidate OASIS Standards - end April 18th

Members of the OASIS Key Management Interoperability Protocol (KMIP) TC [1] have recently approved Special Majority Ballots [2] to advance 11 Committee Specifications as Candidate OASIS Standards (COS). These COSs now enter a 60-day public review period in preparation for member ballots to consider them for OASIS Standards.

Key Management Interoperability Protocol Specification Version 1.2
Candidate OASIS Standard 01
13 January 2015

Key Management Interoperability Protocol Profiles Version 1.2
Candidate OASIS Standard 01
13 January 2015

KMIP Additional Message Encodings Version 1.0
Candidate OASIS Standard 01
13 January 2015

KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0
Candidate OASIS Standard 01
13 January 2015

KMIP Symmetric Key Lifecycle Profile Version 1.0
Candidate OASIS Standard 01
13 January 2015

KMIP Asymmetric Key Lifecycle Profile Version 1.0
Candidate OASIS Standard 01
13 January 2015

KMIP Cryptographic Services Profile Version 1.0
Candidate OASIS Standard 01
03 February 2015

KMIP Symmetric Key Foundry for FIPS 140-2 Profile Version 1.0
Candidate OASIS Standard 01
13 January 2015

KMIP Tape Library Profile Version 1.0
Candidate OASIS Standard 01
13 January 2015

KMIP Suite B Profile Version 1.0
Candidate OASIS Standard 01
03 February 2015

KMIP Opaque Managed Object Store Profile Version 1.0
Candidate OASIS Standard 01
03 February 2015

Specification Overview:

The Key Management Interoperability Protocol (KMIP) is a single, comprehensive protocol for communication between clients that request any of a wide range of encryption keys and servers that store and manage those keys. By replacing redundant, incompatible key management protocols, KMIP provides better data security while at the same time reducing expenditures on multiple products.

These documents are intended for developers and architects who wish to design systems and applications that interoperate using the Key Management Interoperability Protocol Specification.

- Key Management Interoperability Protocol Specification Version 1.2 provides the core specification.

- Key Management Interoperability Protocol Profiles Version 1.2 define a set of normative constraints for employing KMIP within a particular environment or context of use. They may, optionally, require the use of specific KMIP functionality or in other respects define the processing rules to be followed by profile actors.

- KMIP Additional Message Encodings Version 1.0 describes additional (optional) message encodings as an alternative to the (mandatory) raw TTLV encoding including: HTTP, JSON, and XML.

- KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0 describes a profile for Storage Arrays with Self-Encrypting Drives as KMIP clients interacting with KMIP servers.

- KMIP Symmetric Key Lifecycle Profile Version 1.0 describes a profile for a KMIP server performing symmetric key lifecycle operations based on requests received from a KMIP client.

- KMIP Tape Library Profile Version 1.0 describes a profile for Tape Libraries as KMIP clients interacting with KMIP servers.

- KMIP Cryptographic Services Profile Version 1.0 describes the use of KMIP operations to support cryptographic services being performed by a KMIP server on behalf of a KMIP client for key management operations.

- KMIP Asymmetric Key Lifecycle Profile Version 1.0 describes a profile for a KMIP server performing asymmetric key lifecycle operations based on requests received from a KMIP client.

- KMIP Symmetric Key Foundry for FIPS 140-2 Profile Version 1.0 describes a profile for a KMIP server creating FIPS140-2 approved symmetric key algorithms based on requests received from a KMIP client.

- KMIP Opaque Managed Object Store Profile Version 1.0 describes a profile for a KMIP server performing opaque managed object storage operations based on requests received from a KMIP client.

- KMIP Suite B Profile Version 1.0 describes a profile for KMIP clients and KMIP servers using Suite B cryptography that has been approved by NIST for use by the U.S. Government and specified in NIST standards or recommendations.

Six Statements of Use were received from Cryptsoft, IBM, P6R, Fortenix, HP and Thales. Some of the COSs are addressed by a subset of the SoUs.[3]

Public Review Period:

The 60-day public review starts 18 February 2015 at 00:00 UTC and ends 18 April 2015 at 23:59 UTC.

This is an open invitation to comment. OASIS solicits feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

URIs:

The prose specification document and related files are available here:

- Key Management Interoperability Protocol Specification Version 1.2

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/spec/v1.2/cos01/kmip-spec-v1.2-cos01.doc

HTML:
http://docs.oasis-open.org/kmip/spec/v1.2/cos01/kmip-spec-v1.2-cos01.html

PDF:
http://docs.oasis-open.org/kmip/spec/v1.2/cos01/kmip-spec-v1.2-cos01.pdf

- Key Management Interoperability Protocol Profiles Version 1.2

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/profiles/v1.2/cos01/kmip-profiles-v1.2-c...

HTML:
http://docs.oasis-open.org/kmip/profiles/v1.2/cos01/kmip-profiles-v1.2-c...

PDF:
http://docs.oasis-open.org/kmip/profiles/v1.2/cos01/kmip-profiles-v1.2-c...

- KMIP Additional Message Encodings Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-addtl-msg-enc/v1.0/cos01/kmip-addtl...

HTML:
http://docs.oasis-open.org/kmip/kmip-addtl-msg-enc/v1.0/cos01/kmip-addtl...

PDF:
http://docs.oasis-open.org/kmip/kmip-addtl-msg-enc/v1.0/cos01/kmip-addtl...

- KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-sa-sed-profile/v1.0/cos01/kmip-sa-s...

HTML:
http://docs.oasis-open.org/kmip/kmip-sa-sed-profile/v1.0/cos01/kmip-sa-s...

PDF:
http://docs.oasis-open.org/kmip/kmip-sa-sed-profile/v1.0/cos01/kmip-sa-s...

- KMIP Symmetric Key Lifecycle Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-sym-key-profile/v1.0/cos01/kmip-sym...

HTML:
http://docs.oasis-open.org/kmip/kmip-sym-key-profile/v1.0/cos01/kmip-sym...

PDF:
http://docs.oasis-open.org/kmip/kmip-sym-key-profile/v1.0/cos01/kmip-sym...

- KMIP Asymmetric Key Lifecycle Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-asym-key-profile/v1.0/cos01/kmip-as...

HTML:
http://docs.oasis-open.org/kmip/kmip-asym-key-profile/v1.0/cos01/kmip-as...

PDF:
http://docs.oasis-open.org/kmip/kmip-asym-key-profile/v1.0/cos01/kmip-as...

- KMIP Cryptographic Services Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-cs-profile/v1.0/cos01/kmip-cs-profi...

HTML:
http://docs.oasis-open.org/kmip/kmip-cs-profile/v1.0/cos01/kmip-cs-profi...

PDF:
http://docs.oasis-open.org/kmip/kmip-cs-profile/v1.0/cos01/kmip-cs-profi...

- KMIP Symmetric Key Foundry for FIPS 140-2 Profile Version 1.0

Editable Source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-sym-foundry-profile/v1.0/cos01/kmip...

HTML:
http://docs.oasis-open.org/kmip/kmip-sym-foundry-profile/v1.0/cos01/kmip...

PDF:
http://docs.oasis-open.org/kmip/kmip-sym-foundry-profile/v1.0/cos01/kmip...

- KMIP Tape Library Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-tape-lib-profile/v1.0/cos01/kmip-ta...

HTML:
http://docs.oasis-open.org/kmip/kmip-tape-lib-profile/v1.0/cos01/kmip-ta...

PDF:
http://docs.oasis-open.org/kmip/kmip-tape-lib-profile/v1.0/cos01/kmip-ta...

- KMIP Suite B Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-suite-b-profile/v1.0/cos01/kmip-sui...

HTML:
http://docs.oasis-open.org/kmip/kmip-suite-b-profile/v1.0/cos01/kmip-sui...

PDF:
http://docs.oasis-open.org/kmip/kmip-suite-b-profile/v1.0/cos01/kmip-sui...

- KMIP Opaque Managed Object Store Profile Version 1.0

Editable source (Authoritative):
http://docs.oasis-open.org/kmip/kmip-opaque-obj-profile/v1.0/cos01/kmip-...

HTML:
http://docs.oasis-open.org/kmip/kmip-opaque-obj-profile/v1.0/cos01/kmip-...

PDF:
http://docs.oasis-open.org/kmip/kmip-opaque-obj-profile/v1.0/cos01/kmip-...

ZIP distribution file (complete):

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

- Key Management Interoperability Protocol Specification Version 1.2:
http://docs.oasis-open.org/kmip/spec/v1.2/cos01/kmip-spec-v1.2-cos01.zip

- Key Management Interoperability Protocol Profiles Version 1.2:
http://docs.oasis-open.org/kmip/profiles/v1.2/cos01/kmip-profiles-v1.2-c...

- KMIP Additional Message Encodings Version 1.0:
http://docs.oasis-open.org/kmip/kmip-addtl-msg-enc/v1.0/cos01/kmip-addtl...

- KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-sa-sed-profile/v1.0/cos01/kmip-sa-s...

- KMIP Symmetric Key Lifecycle Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-sym-key-profile/v1.0/cos01/kmip-sym...

- KMIP Asymmetric Key Lifecycle Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-asym-key-profile/v1.0/cos01/kmip-as...

- KMIP Cryptographic Services Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-cs-profile/v1.0/cos01/kmip-cs-profi...

- KMIP Symmetric Key Foundry for FIPS 140-2 Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-sym-foundry-profile/v1.0/cos01/kmip...

- KMIP Tape Library Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-tape-lib-profile/v1.0/cos01/kmip-ta...

- KMIP Suite B Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-suite-b-profile/v1.0/cos01/kmip-sui...

- KMIP Opaque Managed Object Store Profile Version 1.0:
http://docs.oasis-open.org/kmip/kmip-opaque-obj-profile/v1.0/cos01/kmip-...

Additional information about the specification and the Key Management Interoperability Protocol (KMIP) TC may be found at the TC's public home page:

https://www.oasis-open.org/committees/kmip/

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility as explained in the instructions located via the button labeled "Send A Comment" at the top of the TC public home page, or directly at:

https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=kmip

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:

http://lists.oasis-open.org/archives/kmip-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review of these 11 Candidate OASIS Standards, we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member's patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC's work.

==============

[1] OASIS Key Management Interoperability Protocol (KMIP) TC
https://www.oasis-open.org/committees/kmip/

[2] Candidate OASIS Standard approval ballots:

- Key Management Interoperability Protocol Specification Version 1.2: https://www.oasis-open.org/committees/ballot.php?id=2729

- Key Management Interoperability Protocol Profiles Version 1.2: https://www.oasis-open.org/committees/ballot.php?id=2730

- KMIP Additional Message Encodings Version 1.0:https://www.oasis-open.org/committees/ballot.php?id=2731

- KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0: https://www.oasis-open.org/committees/ballot.php?id=2732

- KMIP Symmetric Key Lifecycle Profile Version 1.0: https://www.oasis-open.org/committees/ballot.php?id=2733

- KMIP Asymmetric Key Lifecycle Profile Version 1.0://www.oasis-open.org/committees/ballot.php?id=2734

- KMIP Symmetric Key Foundry for FIPS 140-2 Profile Version 1.0: https://www.oasis-open.org/committees/ballot.php?id=2735

- KMIP Tape Library Profile Version 1.0: https://www.oasis-open.org/committees/ballot.php?id=2736

- KMIP Cryptographic Services Profile Version 1.0: https://www.oasis-open.org/committees/ballot.php?id=2757

- KMIP Suite B Profile Version 1.0: https://www.oasis-open.org/committees/ballot.php?id=2758

- KMIP Opaque Managed Object Store Profile Version 1.0: https://www.oasis-open.org/committees/ballot.php?id=2759

[3] Statements of Use:
1. Cryptsoft - https://www.oasis-open.org/apps/org/workgroup/kmip/download.php/54564/KM... 14-Nov-2014.pdf

2. IBM - https://www.oasis-open.org/apps/org/workgroup/kmip/email/archives/201412...

3. P6R - https://www.oasis-open.org/apps/org/workgroup/kmip/email/archives/201411...

4. Fortenix - https://www.oasis-open.org/apps/org/workgroup/kmip/email/archives/201501...

5. HP - https://lists.oasis-open.org/archives/kmip-comment/201501/msg00000.html

6. Thales - https://www.oasis-open.org/apps/org/workgroup/kmip/download.php/54913/SO...

[4] http://www.oasis-open.org/policies-guidelines/ipr

[5] http://www.oasis-open.org/committees/kmip/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#s10.2.2
RF on RAND Mode

Associated TC: 
Key Management Interoperability Protocol (KMIP)
Associated MS: 
IDtrust