XML Key Management (XKMS)
My earlier articles on Web service security issues discussed XML encryption and XML digital signatures in detail. Both rely heavily on the distribution and privacy of cryptographic keys, known as public and private keys. The processes of organizing, maintaining, and distributing these keys have become so complex that they require a dedicated infrastructure, called Public Key Infrastructure (PKI) in the conventional IT realm.
XML Key Management Specifications (XKMS) help us to evolve a similar infrastructure for the Web services world, enabling key exchange and verification via standard XML protocols.
This article explores PKI, its evolution in the Web services world, and the XKMS specifications and approach.
The following acronyms are used frequently in this article:
PKI: Public Key Infrastructure
CA: Certification Authorities
XKMS: XML Key Management Specifications
XKISS: XML Key Information Service Specifications
XKRSS: XML Key Registration Service Specifications