Key Management Interoperability Protocol (KMIP) 1.0 Receives Approval as OASIS Standard
Boston, MA, USA; 14 October 2010 — The OASIS open standards consortium today announced approval of the Key Management Interoperability Protocol (KMIP) version 1.0. Developed through a collaboration of more than 30 vendors and end user organizations, KMIP enables communication between key management systems and cryptographically-enabled applications, including email, databases, and storage devices. KMIP and the related KMIP Profiles are now official OASIS Standards, a status that signifies the highest level of ratification.
"KMIP fills a real void," said Jon Oltsik, Principal Analyst at the Enterprise Strategy Group. "The challenge of administering multiple data security systems has become more widespread as new technologies with built-in encryption gain acceptance. KMIP can succeed, not only because of the breadth of devices it supports, but also because of the very clear rules it imposes on methods of key management communication."
KMIP simplifies the way companies manage cryptographic keys, eliminating the need for redundant, incompatible key management processes. Key lifecycle management — including the generation, submission, retrieval, and deletion of cryptographic keys — is enabled by the standard. Designed for use by both legacy and new cryptographic applications, KMIP supports many kinds of cryptographic objects, including symmetric keys, asymmetric keys, digital certificates, and authentication tokens.
"KMIP enables a new generation of enterprise key management, fully interoperable across the broad range of cryptographic capabilities that are required for effective security," said Robert Griffin of EMC/RSA, co-chair of the OASIS KMIP Technical Committee. "KMIP's approval as an OASIS Standard represents a milestone for all enterprises that are concerned with the security of their information, identities, and infrastructure."
"Development of KMIP was enriched by participation from across the public and private sectors," added Subhash Sankuratripati of NetApp, co-chair of the OASIS KMIP Technical Committee. "In addition to having most of the major software and security vendors involved, government agencies including U.S. NIST and NSA, and large end users, including Aetna and Target, also contributed."
KMIP is offered for implementation on a royalty-free basis. Participation in the OASIS KMIP Technical Committee is open to all companies, non-profit groups, governments, academic institutions, and individuals. As with all OASIS projects, archives of the Committees' work are accessible to both members and non-members, and OASIS hosts an open mail list for public comment.
Support for KMIP
"Brocade has always been committed to providing innovative, standards-based technologies and we are pleased to be a part of the OASIS committee," said Martin Skagen senior director of network systems architecture at Brocade. "With the introduction of the new Key Management Interoperability Protocol and the KMIP Profiles standards we are able to protect valuable digital assets across the entire enterprise data center environment, from encryption systems to enterprise applications."
"The IT industry today is enabling commerce and improving efficiencies on a global scale. In order to help ensure these business transactions and operations are secure, encryption is widely used, making encryption key management a critical issue," said Tim Brown, chief security architect and senior vice president, CA Technologies. "The adoption of the cloud will compound encryption use and add to the complexity of the key management. CA Technologies sees the KMIP standard as a important step toward enabling scalable key management solutions and seamless interoperability across a variety of encryption products and vendors."
"KMIP dramatically increases data center security by introducing the first open standard protocol for key management. The protocol enables interoperable solutions for the automated management of the lifecycle of cryptographic keys, which will be beneficial for cloud storage and computing," said Dr. Robert Haas, manager of Storage Systems Research at IBM Research — Zurich, co-editor of KMIP 1.0.
"In order to thrive, organizations must collaborate by sharing data across employees, suppliers, partners and customers while maintaining high levels of data security and compliance," said Chris Whitener, HP's chief security strategist. "HP’s investment in developing the new KMIP OASIS Standard demonstrates our commitment to simplified, secure, converged IT infrastructures using efficient key management to protect data security and privacy."
"RSA and EMC are very pleased to see the approval of KMIP 1.0 as an OASIS Standard. We have been a leader in and contributor to this effort since its very beginning, when we were responding to the needs of customers who demanded strong key management systems," said Bret Hartman, chief technology officer, RSA, The Security Division of EMC. "We look forward to seeing KMIP implemented across the industry, enabling a security ecosystem that fully supports enterprises in their move towards virtualization and cloud."
"In order to protect vital assets and address regulatory requirements, enterprises are becoming increasingly reliant upon encryption. However, in most enterprises, encryption has been managed in a disparate, ad hoc fashion, which can present risks to the security of information, result in data loss, and prove very costly," said Rami Shalom, vice president, product management, data encryption and control, SafeNet. "By supporting KMIP 1.0 and KMIP Profiles 1.0, now approved as OASIS Standards, SafeNet will enable its customers to centrally manage encryption efforts across the entire organization, address regulatory requirements, and get the most value out of encryption."
"Vormetric’s mission is to simplify encryption and key management for the enterprise. To that end, we have been very pleased to play our part in advancing the OASIS KMIP key management standard," said Richard Gorman, president and CEO of Vormetric.
OASIS (Organization for the Advancement of Structured Information Standards) drives the development, convergence, and adoption of open standards for the global information society. A not-for-profit consortium, OASIS advances standards for SOA, security, Web services, documents, e-commerce, government and law, localisation, supply chains, XML processing, and other areas of need identified by its members. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org
OASIS Senior Director, Communications
+1 (781) 425-5073 x209