Public key infrastructure (PKI) and digital certificates promise to bring security and identity trust to the world of e-commerce. Extensible Markup Language (XML) promises to make it easier than ever to share data across applications. Bringing the two closer together would obviously be of great benefit to the online economy, and this is what VeriSign, Microsoft and webMethods had in mind when they collaborated on the XKMS (XML Key Management Specification) framework last year.
Now Baltimore Technologies, Hewlett-Packard, IBM, IONA, PureEdge Solutions, and Reuters have joined the three original companies in submitting the specification to the World Wide Web Consortium (W3C) for consideration as an official open standard. Entrust Technologies, RSA Security and Science Applications International Corporation have also expressed support for the specification.
XKMS was begun as a way to standardize the interface e-commerce software needs to access hosted services for digital certificate and PKI management.
Digital signatures, when backed by law, can verify the identities on the buy and sell sides of a transaction and also the content of the transaction itself. The PKI framework is the most common basis for digital signature technologies and allows verifiable, secure digital signatures to be transmitted over open systems such as the internet.
"We are very excited about the XKMS framework and the response we've had from our member financial institutions," said Dave Oshman, senior vice president, technology of Identrus, an industry consortium that aims to make global banks an integral part of online identity trust. "VeriSign has helped solve a key technical issue for merchants that will speed use of digital certificates and ultimately improve return on investment for market participants and service providers."
As its name suggests, XKMS is being developed to be used in conjunction with other XML initiatives, such as the emerging standard for XML digital signatures. It is also anticipated that future versions of the XKMS specification will be compatible with XML encryption.
The XKMS specification is designed to be implemented as a web-based service. It introduces an open framework that enables virtually any developer to easily incorporate trust services directly into an application. Currently, developers must enable desktop and e-commerce applications to handle digital keys for authentication and digital signatures by using toolkits offered by a range of software vendors. Functions such as digital certificate processing, revocation status checking, and certification path location and validation do not always interoperate with all vendors' PKI offerings.
With XKMS, trust functions reside in servers accessible via easily programmed XML transactions. Developers can allow applications to outsource all or part of the processing of XML digital signatures and encrypted elements to selected service providers, minimizing the complexity of the underlying PKI.