Subject: Re: [oasis-charter-discuss] RE: [members] Proposed Charter for OASIS Key Management Interoperability Protocol (KMIP) TC
> The only comment I have is to request that the acronym "TPM" under the scope section be defined.

In a similar vein, I asked for clarification/gloss on 'EKCLM'

The response from one of the TC charter editors:

EKCLM = Enterprise Key and Certificate Lifecycle Management

-rcc

Robin Cover
OASIS, Director of Information Services
Editor, Cover Pages and XML Daily Newslink
Email: robin@oasis-open.org
Staff bio: http://www.oasis-open.org/who/staff.php#cover
Cover Pages: http://xml.coverpages.org/
Newsletter: http://xml.coverpages.org/newsletterArchive.html
Tel: +1 972-296-1783

On Wed, 25 Feb 2009, Martin Chapman wrote:

> As part of my duty as a TAB member, I was asked to review this charter.
> In my view the charter provides the necessary information required by the OASIS TC Process.
>
> The only comment I have is to request that the acronym "TPM" under the scope section be defined.
>
> Cheers,
> Martin.
>
>> -----Original Message-----
>> From: Mary McRae [mailto:marypmcrae@gmail.com] On Behalf Of Mary McRae
>> Sent: 12 February 2009 14:33
>> To: members@lists.oasis-open.org; tc-announce@lists.oasis-open.org
>> Cc: oasis-charter-discuss@lists.oasis-open.org
>> Subject: [members] Proposed Charter for OASIS Key Management Interoperability Protocol (KMIP) TC
>>
>> To OASIS Members:
>>
>> A draft TC charter has been submitted to establish the OASIS Key
>> Management Interoperability Protocol (KMIP) Technical Committee (below). In
>> accordance with the OASIS TC Process Policy section 2.2:
>> (http://www.oasis-open.org/committees/process-2008-06-19.php#formation) the
>> proposed charter is hereby submitted for comment. The comment period shall
>> remain open until 11:45 pm ET on 26 February 2009.
>>
>> OASIS maintains a mailing list for the purpose of submitting comments on
>> proposed charters. Any OASIS member may post to this list by sending email
>> to:
>> mailto:oasis-charter-discuss@lists.oasis-open.org. All messages will be
>> publicly archived at:
>> http://lists.oasis-open.org/archives/oasis-charter-discuss/. Members who
>> wish to receive emails must join the group by selecting "join group" on the
>> group home page:
>> http://www.oasis-open.org/apps/org/workgroup/oasis-charter-discuss/.
>> Employees of organizational members do not require primary representative
>> approval to subscribe to the oasis-charter-discuss e-mail.
>>
>> A telephone conference will be held among the Convener, the OASIS TC
>> Administrator, and those proposers who wish to attend within four days of
>> the close of the comment period. The announcement and call-in information
>> will be noted on the OASIS Charter Discuss Group Calendar.
>>
>> We encourage member comment and ask that you note the name of the proposed
>> TC ([KMIP]) in the subject line of your email message.
>>
>> Regards,
>>
>> Mary
>>
>> ---------------------------------------------------
>> Mary P McRae
>> Director, Technical Committee Administration
>> OASIS: Advancing open standards for the information society
>> email: mary.mcrae@oasis-open.org
>> web: www.oasis-open.org
>> phone: 1.603.232.9090
>>
>> ===========
>> PROPOSED CHARTER FOR REVIEW AND COMMENT
>>
>> Proposed Charter for OASIS Key Management Interoperability Protocol (KMIP)
>> Technical Committee
>>
>>
>> The name of the TC:
>> Key Management Interoperability Protocol (KMIP) Technical Committee
>>
>>
>> Statement of purpose:
>> The KMIP Technical Committee will develop specification(s) for the
>> interoperability of key management services with key management clients. The
>> specifications will address anticipated customer requirements for key
>> lifecycle management (generation, refresh, distribution, tracking of use,
>> life-cycle policies including states, archive, and destruction), key
>> sharing, and long-term availability of cryptographic objects of all types
>> (public/private keys and certificates, symmetric keys, and other forms of
>> "shared secrets") and related areas.
>>
>>
>> Scope:
>> The initial goal is to define an interoperable protocol for standard
>> communication between key management servers, and clients and other actors
>> which can utilize these keys. Secure key management for TPMs and Storage
>> Devices will be addressed. The scope of the keys addressed is
>> enterprise-wide, including a wide range of actors: that is, machine,
>> software, or human participants exercising the protocol within the
>> framework. Actors for KMIP may include:
>> * Storage Devices
>> * Networking Devices
>> * Personal devices with embedded storage (e.g. Personal Computers, Handheld
>> Computers, Cell Phones)
>> * Users
>> * Applications
>> * Databases
>> * Operating Systems
>> * Input/Output Subsystems
>> * Management Frameworks
>> * Key Management Systems
>> * Agents
>>
>> Out of scope areas include:
>> * Implementation specific internals of prototypes and products
>> * Multi-vendor Key Management facility mirrors or clusters
>> * Definition of an architectural design for a central enterprise key
>> management or certificate management system other than any necessary models,
>> interfaces and protocols strictly required to support interoperability
>> between Actors in the multi-vendor certificate and key management framework.
>> * Framework interfaces not dedicated to secure key and certificate
>> management
>> * Certain areas of functionality related to key management are also outside
>> the scope of this technical committee, in particular registration of
>> clients, server-to-server communication and key migration.
>> * Bindings other than tag-length-value wire protocol and XSD-based
>> encodings.
>>
>> List of deliverables:
>> The deliverables for the KMIP Technical Committee are anticipated to include
>> the following:
>> * Revised KMIP Specification v0.98. This provides the normative expression
>> of the protocol, including objects, attributes, operations and other
>> elements. A Committee Specification is scheduled for completion within 12
>> months of the first TC meeting.
>> * Revised KMIP Usage Guide v0.98. This provides illustrative and explanatory
>> information on implementing the protocol, including authentication profiles,
>> implementation recommendations, conformance guidelines and security
>> considerations. A Committee Specification is scheduled for completion within
>> 12 months of the first TC meeting.
>> * Revised KMIP Use Cases and Test Cases v0.98. This provides sample use
>> cases for KMIP, test cases for implementing those use cases, and examples of
>> the protocol implementing those test cases. A Committee Specification is
>> scheduled for completion within 12 months of the first TC meeting.
>> * Revised KMIP Frequently Asked Questions. This document provides guidance
>> on what KMIP is, the problems it is intended to address and other frequently
>> asked questions.
>>
>> KMIP, as defined in the above deliverables, will be scoped to include the
>> following:
>> 1) Comprehensive Key and Certificate Lifecycle Management Framework
>>   A. Lifecycle Management Framework to Include:
>>     a) Provisioning of Keys and Certificates
>>       i) Creation
>>       ii) Distribution
>>       iii) Exchange/Interchange
>>       iv) Auditing
>>     b) Reporting
>>     c) Logging (Usage tracking)
>>     d) Backup
>>     e) Restore
>>     f) Archive
>>     g) Update/Refresh
>>     h) Management of trust mechanisms between EKCLM actors only as necessary
>>     to support EKCLM
>>   B. Comprehensive Key and Certificate Policy Framework to include:
>>     a) Creation
>>     b) Distribution
>>     c) Exchange/Interchange
>>     d) Auditing
>>     e) Reporting
>>     f) Logging (Usage tracking)
>>     g) Backup
>>     h) Restore
>>     i) Archive
>>     j) Update/Refresh
>>     k) Expectation of Policy Enforcement
>>       i) At endpoints
>>       ii) At Key Manager
>>       iii) At intermediaries between endpoints and Key Manager facility
>>   C. Interoperability between Machine Actors in performing all aspects of A)
>>   and B), and addressing:
>>     a) pre-provisioning and late binding of keys and certificates
>>     b) support for hierarchical or delegation or direct models
>>     c) actor discovery and enrollment as necessary to support ECKLM
>>     d) key, certificate and policy migration
>>     e) audit and logging facilities
>>   D. General Capabilities may include:
>>     a) Secure and Robust Mechanisms, Techniques, Protocols and Algorithms
>>     b) Recovery capabilities, only as needed by interoperable interfaces,
>>     anticipating power failure, or other common failures of automated Actors
>>     c) Forward compatibility considerations
>>     d) Interface to Identity Management facilities as necessary for A) and
>>     B)
>>     e) Interface to Enterprise Directory facilities as necessary for A) and
>>     B)
>>
>> KMIP TC will also support activities to encourage adoption of KMIP. This
>> would likely include:
>> Interoperability sessions to test effectiveness of the specification
>> Reference implementations of KMIP functionality
>>
>> IPR Mode under which the TC will operate:
>> The KMIP TC is anticipated to operate under RF on RAND.
>>
>>
>> Anticipated audience or users:
>> KMIP is intended for the following audiences:
>>
>> * Architects, designers and implementers of providers and consumers of
>> enterprise key management services.
>>
>> Language:
>> Work group business and proceedings will be conducted in English.
>>
>>
>> Non-normative information
>>
>> Identification of similar or applicable work:
>> Similar work is currently underway in several other organizations:
>> * OASIS EKMI TC. We see KMIP TC as addressing a broader scope than the
>> primarily symmetric key focused EKMI, providing a more comprehensive
>> protocol in which SKSML can potentially participate.
>> * IEEE P1619.3. We see KMIP TC as addressing a broad scope than the
>> primarily storage-related P1619.3.
>> * TCG Infrastructure Working Group. We see KMIP TC as addressing a broader
>> scope than the primarily TPM-related TCG IWG.
>> * IETF Keyprov. We see KMIP TC as addressing a broader scope than the
>> primarily mobile-related IETF Keyprov.
>>
>> Date, time, and location of the first meeting:
>> The intended date for the first meeting is April 24th 2009, to be held as a
>> Face to Face meeting in San Francisco in conjunction with the RSA
>> Conference. Exact location and logistics TBD
>>
>> Projected on-going meeting :
>> Conference calls will be held weekly, to be sponsored by one or more of the
>> companies proposing the KMIP TC. These conference calls will be complemented
>> by the following:
>> * Face to face meetings as determined by the KMIP TC.
>> * General communication will be via email reflectors with archiving provided
>> by the KMIP TC.
>> * KMIP TC progress will be communicated via a KMIP TC web page.
>> * The KMIP TC will communicate (conference calls, joint working sessions,
>> etc.) with external groups as appropriate.
>> * The KMIP TC will communicate (conference calls, joint working sessions
>> etc.) with internal OASIS groups (other TCs) as appropriate.
>>
>> Names, electronic mail addresses, and membership affiliations of at least
>> Minimum Membership:
>> Bob Griffin, EMC/RSA, Robert.griffin@rsa.com
>> Robert Philpott, EMC/RSA, Robert.philpott@rsa.com
>> Mark Schiller, HP, mark.schiller@hp.com
>> Jishnu Mukerji, HP, jishnu@hp.com
>> Anthony Nadalin, IBM, drsecure@us.ibm.com
>> Robert Haas, IBM, nih@zurich.ibm.com
>> Walt Hubis, LSI, walt.hubis@lsi.com
>> Jon Geater, Thales, jon@nciper.com
>> Marcus Streets, Thales, marcus.streets@thales-esecurity.com
>> Martin Skagen, Brocade, mskagen@brocade.com
>> Karla Thomas, Brocade, karlat@brocade.com
>> Subhash Sankuratripati, NetApp, Subhash@netapp.com
>> Paolo Bezoari, NetApp, Bezoari@netapp.com
>> Dave B Anderson, Seagate, dave.b.anderson@seagate.com
>>
>>
>> The name of the Convener who must be an Eligible Person:
>> Robert Griffin (EMC)
>>
>>
>> The name of the Member Section with which the TC intends to affiliate, if
>> any.
>> None.
>>
>> List of contributions of existing technical work that the proposers
>> anticipate will be made to this TC:
>> * KMIP Specification v0.98
>> http://xml.coverpages.org/KMIP/KMIP-v0.98-final.pdf
>> * KMIP Usage Guide v0.98
>> http://xml.coverpages.org/KMIP/KMIP-UsageGuide-v0.98-final.pdf
>> * KMIP Use Cases and Test Cases v0.98
>> http://xml.coverpages.org/KMIP/KMIP-UseCases-v0.98-final.pdf
>> * KMIP FAQ
>> http://xml.coverpages.org/KMIP/KMIP-FAQ.pdf
>>
>>
>> Frequently Asked Questions (FAQ) document:
>> TBD
>>
>>
>> Proposed working title and acronym for the specification(s) to be developed
>> by the TC.
>> * KMIP Specification
>> * KMIP Usage Guide
>> * KMIP Use Cases and Test Cases
>> * KMIP FAQ
>>
>>
>>
>> ---------------------------------------------------------------------
>>
>> This email list is used solely by OASIS for official consortium communications.
>>
>> Opt-out requests may be sent to member-services@oasis-open.org, however, all members are strongly
>> encouraged to maintain a subscription to this list.