Vendors claim wide support for XML-based PKI spec

Vendors claim wide support for XML-based PKI spec

VeriSign, Microsoft and webMethods are claiming widespread financial industry support for their jointly developed XML key management specification (XKMS) for interoperable PKI services.

Baltimore Technologies, Hewlett-Packard, IBM, Iona, PureEdge Solutions, and Reuters have joined the companies in submitting the specification to the World Wide Web Consortium (W3C). Additional supporters are listed as Entrust Technologies, RSA Security and Science Applications International Corporation.

The W3C recently acknowledged the submission, which will be presented at an upcoming workshop. The XKMS specification makes it possible for enterprises and developers to integrate advanced PKI technologies such as digital signature handling and encryption into e-commerce applications, and also ensures interoperability of varying PKI solutions, say the companies.

Stratton Sclavos, president and CEO of VeriSign, says: "By moving complexity to the infrastructure, it will now be much easier for enterprises to deploy a far broader range of Internet applications."

The XKMS specification introduces an open framework that enables developers to incorporate trust services directly into applications. Currently, developers must enable desktop and e-commerce applications to handle digital keys via the use of software toolkits. Functions such as digital certificate processing, revocation status checking and certification path location and validation do not always interoperate with all vendors' PKI offerings. With the new XKMS specification, those functions instead reside in servers that can be accessed via easily programmed XML messages.

"We are very excited about the XKMS framework and the response we've had from our member financial institutions," says Dave Oshman, senior VP, technology of Identrus, the bank-backed digital identity consortium. "VeriSign has helped solve a key technical issue for merchants that will speed use of digital certificates and ultimately improve return on investment for market participants and service providers."

Designed to be implemented as a Web service, XKMS is built upon Web Services Description Language (WSDL) and Simple Object Access Protocol (SOAP). It is anticipated that future versions of the XKMS specification will be compatible with XML encryption and XML protocol.

Mario Morel, chief technology officer for CIBC - which is currently implementing digital certification services across its operations - welcomes the initiative. "CIOs of Canadian banks can now focus on selecting the PKI solution that best integrates with their current applications, knowing that XKMS will provide the means to seamlessly conduct high value electronic transactions between any other banks in Canada, through the Internet, independent of anyone's PKI vendor," he says.

Comments: (0)