XmlKeyManagementSpecification

XmlKeyManagementSpecification (XKMS) is a W3org document championed by VeriSign, MS et al. XKMS is intended for use in SOAP based WebServices.

It is designed to work with a number of "key based security schemes", and aim to relieve developers of the detailed technical knowledge of the security schemes such as PublicKeyInfrastructure (PKI). More details at http://www.nwfusion.com/news/tech/2003/0908techupdate.html).

• Note the use of PKI make security implementations scalable, compared to use of alternatives such as KerberosProtocol.

SecurityAssertionMarkupLanguage is an alternative to the use of XmlKeyManagementSpecification, but the two can be implemented together. See reading in resources section later on.

I was at VeriSign working on some XmlKeyManagementSpecification and SecurityAssertionMarkupLanguage offerings in 2002. In my opinion, the AchillesHeel of XML security is XmlSignature. Signing only a portion of an XML document simply doesn't make sense due to global attributes with scoped effect (such as namespace declarations) when simply by including one document within another, you potentially change the meaning of the included document. -- JeffreyHantin

---

Resources

XML Trust Center http://www.xmltrustcenter.org/index.htm

Simplification, Not XML, is the Key to PKI Success... at http://www.itworld.com/nl/xml_prac/07122001/

BigBlue talk on XKMS http://www-106.ibm.com/developerworks/xml/library/x-seclay3/

Build security infrastructure http://www.xml.com/lpt/a/ws/2003/12/09/salz.html

---

CategorySecurity CategoryWebServices