Press Release

OASIS Members Form Committee to Standardize Symmetric Encryption Key Management Across the Enterprise

Boston, MA, USA; 25 June 2007 — Members of the OASIS international consortium have formed a committee to develop an open standard for managing symmetric encryption cryptographic keys across the enterprise. The OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee is working to standardize a royalty free Web services protocol that will enable client applications to request symmetric key-management services of a network-based server. The Committee is also working towards creating implementation, operations and audit guidelines for EKMI and an interoperability test suite to ensure compliant implementations of the protocol.

"The life cycle of encryption keys is incredibly important. As enterprises deploy ever-increasing numbers of encryption solutions, they often find themselves managing silos with inconsistent policies, availability, and strength of protection. Enterprises need to maintain keys in a consistent way across various applications and business units," said Trent Henry, senior analyst, Burton Group. "EKMI will be an important step in addressing this problem in an open, cross-vendor manner."

The EKMI Technical Committee is part of the OASIS IDtrust Member Section, a group of that brings together companies, public sector agencies, and research institutions from around the world to promote greater understanding and use of standards-based technologies, policies, and practices for identity and trusted infrastructure.

"We believe that key management must become as generic a service as the Domain Name Service (DNS), applicable and accessible to anything that needs its services," noted Arshad Noor, chair of the OASIS EKMI Technical Committee. "Given the effort that companies must expend in encrypting sensitive data and managing encryption keys, it behooves them to do it right, and to do it just once. Encrypting anywhere other than at the application layer will require data custodians to revisit the problem again."

"The basic technologies for asymmetric key e-signatures have been around for years, but so have questions about how to best use and manage them," noted James Bryce Clark, director of standards development for OASIS. "The goal of the EKMI effort is to provide a clear set of answers."

Representatives of Red Hat, the United States Department of Defense, Visa, and others make up the OASIS EKMI Technical Committee. Participation remains open to all companies, non-profit groups, governments, academic institutions, and individuals.

The OASIS EKMI Technical Committee operates under the Royalty Free on Limited Terms mode, as defined by the OASIS Intellectual Property Rights Policy. As with all OASIS projects, archives of the Committee’s work are accessible to both members and non-members, and OASIS offers a mechanism for public comment.

Additional information:
OASIS EKMI Technical Committee: http://www.oasis-open.org/committees/ekmi/
EKMI FAQ: http://www.oasis-open.org/committees/ekmi/faq.php
OASIS IDtrust Member Section: http://www.oasis-idtrust.org/

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Press contact: Carol Geyer OASIS Director of Communications carol.geyer@oasis-open.org +1.978.667.5115 x209 (office) +1.941.284.0403 (mobile)