[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [Fwd: Article on EKMI at IEEE DSOnline]
FYI. While I won't dispute that what we are doing is ambitious, I only wish the author had mentioned that the DRAFT protocol has an implementation that is very usable right now (evidenced by over 900 downloads) for commercial companies. This makes the effort more than achievable. Only the military establishment has requested additional capability in the protocol so far. Any other comments? Arshad Noor StrongAuth, Inc. -------- Original Message -------- Subject: article Date: Wed, 19 Sep 2007 17:17:37 -0400 From: Dee Schur <dee.schur@oasis-open.org> To: 'Arshad Noor' <arshad.noor@strongauth.com> Did you see this? ---------------------------------------------------------------------- Key Management Standards Hit the Fast Track Greg Goth, IEEE Distributed Systems Online It might appear that the technology industry just discovered encryption-key management in 2007. Since the beginning of the year, data-security product vendors, enterprise customers, and standards bodies have embraced efforts to standardize methods for managing encryption keys across disparate encrypted-data storage and exchange systems. Three standards bodies -- the IEEE, the Internet Engineering Task Force (IETF), and OASIS -- have recently chartered working groups on key management. For enterprise technologists, navigating the landscape of vendor-specific key-management solutions and emerging standards efforts might prove to be a daunting task. Bob Griffin, technical marketing director for RSA Security, sees two prevailing industry trends precipitating the urgency to create a key-management standard. First is the proliferation of endpoint devices that can share keys to access encrypted data. The second, following naturally from the first, is the increased number of vendors homing in on this market niche. A third factor, just as important as the technical nuts and bolts, is a regulatory climate that's becoming ever more security-conscious. Numerous laws, such as California's Breach Disclosure Law, and US federal regulations, such as the US Health Insurance Portability and Accountability Act, as well as the Payment Card Industry's Data Security Standard, have spelled out strict requirements for protecting customer and patient data. As a result, security experts increasingly recommend encrypting data stored on any device, not just data in transit. And those devices must be able to share keys efficiently. For now, RSA has staked the most of its key-management effort on the IEEE process. The key-management group, IEEE-P-1619.3, is a subgroup of the 1619 Security in Storage Working Group. Griffin is a member of 1619.3, which is focusing on storage encryption. He's also serving as an observer and liaison in the OASIS key-management effort, known as Enterprise Key Management Infrastructure (EKMI). Griffin characterizes the OASIS effort as "an extremely, extremely large project." It aims to enable universal encryption and decryption at the application layer. Because this would require every imaginable application to adhere to the same key management standard, both Norall and Griffin see results at least five years away. http://dsonline.computer.org/portal/pages/dsonline/2007/09/o9004news.html See also the OASIS EKMI TC FAQ document: http://www.oasis-open.org/committees/ekmi/faq.php ---------------------------------------------------------------------- Best, d
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]