Call for Participation: Rechartered OASIS Key Management Interoperability Protocol (KMIP) TC

The OASIS Key Management Interoperability Protocol (KMIP) Technical Committee has approved [1] a revised charter, included below. The TC name, statement of purpose, scope, list of deliverables, audience, IPR mode and language specified in the revision below will constitute the TC's official charter. A red-lined version of the charter showing the revisions from the original is available [2].

The TC will hold its first meeting under the revised charter on Thursday, 10 October 2013 at 4:00 PM US Eastern Time / 20:00 GMT. Submissions of technology for consideration by the TC and the beginning of technical discussions under the revised charter may begin no sooner than this first meeting.

OASIS and the TC welcome participation by all interested parties. The eligibility requirements for becoming a participant in the TC at the first meeting are:

(a) you must be an employee of an OASIS member organization or an individual member of OASIS, and

(b) you must join the Technical Committee after the revised charter is published to the TC's home page on 03 October 2013, which members may do by using the Roster "join group" link on the TC's home page at [3].

Note that everyone who wishes to participate must explicitly join the TC as described in (b) above. Membership under the original charter does not automatically carry over.

Non-OASIS members who wish to participate may contact us about joining OASIS [4]. Instructions for joining the Technical Committee can be found at the "Join This TC" link on the TC's public home page [5].

Please feel free to forward this announcement to any other appropriate lists. OASIS is an open standards organization; we encourage your participation in our work.

[1] recharter ballot:

[2] charter with redlined revisions

[3] TC web page:



--- Revised Charter

(1)(a) The name of the TC:

OASIS Key Management Interoperability Protocol (KMIP) Technical Committee

(1)(b) Statement of Purpose:

The KMIP Technical Committee will develop specification(s) for the interoperability of key management services with key management clients. The specifications will address anticipated customer requirements for key lifecycle management (generation, refresh, distribution, tracking of use, life-cycle policies including states, archive, and destruction), key sharing, and long-term availability of cryptographic objects of all types (public/private keys and certificates, symmetric keys, and other forms of "shared secrets") and related areas.

(1)(c) Scope:

The initial goal is to define an interoperable protocol for standard communication between key management servers, and clients and other actors which can utilize these keys. Secure key management for TPMs (Trusted Platform Modules) and Storage Devices will be addressed. The scope of the keys addressed is enterprise-wide, including a wide range of actors: that is, machine, software, or human participants exercising the protocol within the framework. Actors for KMIP may include:

* Storage Devices
* Networking Devices
* Personal devices with embedded storage (e.g. Personal Computers, Handheld Computers, Cell Phones)
* Users
* Applications
* Databases
* Operating Systems
* Input/Output Subsystems
* Management Frameworks
* Key Management Systems
* Agents

Out of scope areas include:

* Implementation specific internals of prototypes and products
* Multi-vendor Key Management facility mirrors or clusters
* Definition of an architectural design for a central enterprise key management or certificate management system other than any necessary models, interfaces and protocols strictly required to support interoperability between Actors in the multi-vendor certificate and key management framework.

(1)(d) List of deliverables:

The deliverables for the KMIP Technical Committee are anticipated to include the following:

* Revised KMIP Specification. This provides the normative expression of the protocol, including objects, attributes, operations and other elements. A Committee Specification is scheduled for completion within 12 months of the first TC meeting.

* Revised KMIP Profiles. This provides the normative expression of conformant implementations of the protocol. A Committee Specification is scheduled for completion within 12 months of the first TC meeting.

* Revised KMIP Usage Guide. This provides illustrative and explanatory information on implementing the protocol, including authentication profiles, implementation recommendations, conformance guidelines and security considerations. A Committee Note is scheduled for completion within 12 months of the first TC meeting.

* Revised KMIP Use Cases. This provides illustrative use cases for KMIP. A Committee Note is scheduled for completion within 12 months of the first TC meeting.

* Revised KMIP Test Cases. This provides illustrative test cases for KMIP and examples of the protocol implementing those test cases. A Committee Note is scheduled for completion within 12 months of the first TC meeting.

* Revised KMIP Frequently Asked Questions. This illustrative document provides guidance on what KMIP is, the problems it is intended to address and other frequently asked questions.

KMIP, as defined in the above deliverables, will be scoped to include the following:

1. Comprehensive Key and Certificate Lifecycle Management Framework
   A. Lifecycle Management Framework to Include:
      a. Provisioning of Keys and Certificates
         i. Creation
         ii. Distribution
         iii. Exchange/Interchange
         iv. Auditing
      b. Reporting
      c. Logging (Usage tracking)
      d. Backup
      e. Restore
      f. Archive
      g. Update/Refresh
      h. Management of trust mechanisms between EKCLM (Enterprise Key and Certificate Lifecycle Management) actors only as necessary to support EKCLM

   B. Comprehensive Key and Certificate Policy Framework to include:
      a. Creation
      b. Distribution
      c. Exchange/Interchange
      d. Auditing
      e. Reporting
      f. Logging (Usage tracking)
      g. Backup
      h. Restore
      i. Archive
      j. Update/Refresh
      k. Expectation of Policy Enforcement
         i. At endpoints
         ii. At Key Manager
         iii. At intermediaries between endpoints and Key Manager facility

   C. Interoperability between Machine Actors in performing all aspects of A) and B), and addressing:
      a. pre-provisioning and late binding of keys and certificates
      b. support for hierarchical or delegation or direct models
      c. actor discovery and enrollment as necessary to support EKCLM
      d. key, certificate and policy migration
      e. audit and logging facilities

   D. General Capabilities may include:
      a. Secure and Robust Mechanisms, Techniques, Protocols and Algorithms
      b. Recovery capabilities, only as needed by interoperable interfaces, anticipating power failure, or other common failures of automated Actors
      c. Forward compatibility considerations
      d. Interface to Identity Management facilities as necessary for A) and B)
      e. Interface to Enterprise Directory facilities as necessary for A) and B)

KMIP TC will also support activities to encourage adoption of KMIP. This would likely include:

* Interoperability sessions to test effectiveness of the specification
* Reference implementations of KMIP functionality

(1)(e) IPR Mode under which the TC will operate:

The KMIP TC is anticipated to operate under RF on RAND.

(1)(f) Anticipated audience or users:

KMIP is intended for the following audiences:

* Architects, designers and implementers of providers and consumers of enterprise key management services.

(1)(g) Language:

Work group business and proceedings will be conducted in English.

(2)(a) Identification of Similar Work

No active work is being done in this area by another OASIS TC nor as a major effort by another organization. KMIP has achieved significant success as the most important key management standard in the industry since the establishment of the KMIP TC in February 2009. The experience of the past 4 years has led the KMIP TC members to identify areas that should be addressed by the standard but that were excluded under the existing charter. Re-chartering KMIP TC enables the TC to address these areas.

(2)(b) First meeting

The first meeting will be held via telephone conference call on Thursday 10-Oct-2013 at 4 pm Eastern Time (US). EMC Corporation, as sponsor, will provide the conference call bridge for the first meeting.

(2)(c) Meeting schedule

The KMIP TC will meet via teleconference at least twice monthly. As with the current KMIP TC meetings, EMC Corporation will serve (at least initially) as sponsor of the meetings.

(2)(d) Not required for re-chartering

(2)(e) Not required for re-chartering

(2)(f) Convener

The convener is Robert Griffin (EMC Corporation), current KMIP TC co-chair.

(2)(g) Member Section

As with the current KMIP TC, the re-chartered KMIP TC will affiliate with the IDtrust Member Section.

(2)(h) Contributions

The existing KMIP TC will contribute the following technical work to the re-chartered KMIP TC:

* KMIP Specification V1.2 Committee Specification Draft
* KMIP Profiles V1.2 Committee Specification Draft
* KMIP Usage Guide V1.2 Committee Note Draft
* KMIP Use Cases V1.2 Committee Note Draft
* KMIP Test Cases V1.2 Committee Note Draft
* All individual KMIP Profiles approved by the KMIP as Committee Specification Drafts
* KMIP Frequently Asked Questions

(2)(i) Frequently Asked Questions

The current KMIP FAQ is available at

(2)(j) Working Title and Acronym

Key Management Interoperability Protocol will continue to be represented by the acronym KMIP.

Associated TC: 
Key Management Interoperability Protocol (KMIP)