OASIS Members Form Committee to Standardize Symmetric Encryption Key Management Across the Enterprise

["Carol Geyer" <carol.geyer@oasis-open.org>]

** Please link to this press release at
http://www.oasis-open.org/news/oasis-news-2007-06-25.php **

OASIS Members Form Committee to Standardize Symmetric Encryption Key Management
Across the Enterprise 
   
25 June 2007 - Members of the OASIS international consortium have formed a
committee to develop an open standard for managing symmetric encryption
cryptographic keys across the enterprise. The OASIS Enterprise Key Management
Infrastructure (EKMI) Technical Committee is working to standardize a royalty
free Web services protocol that will enable client applications to request
symmetric key-management services of a network-based server.  The Committee is
also working towards creating implementation, operations and audit guidelines
for EKMI and an interoperability test suite to ensure compliant implementations
of the protocol.

"The life cycle of encryption keys is incredibly important. As enterprises
deploy ever-increasing numbers of encryption solutions, they often find
themselves managing silos with inconsistent policies, availability, and
strength of protection. Enterprises need to maintain keys in a consistent way
across various applications and business units," said Trent Henry, senior
analyst, Burton Group. "EKMI will be an important step in addressing this
problem in an open, cross-vendor manner."

The EKMI Technical Committee is part of the OASIS IDtrust Member Section, a
group of that brings together companies, public sector agencies, and research
institutions from around the world to promote greater understanding and use of
standards-based technologies, policies, and practices for identity and trusted
infrastructure. 
 
"We believe that key management must become as generic a service as the Domain
Name Service (DNS), applicable and accessible to anything that needs its
services," noted Arshad Noor, chair of the OASIS EKMI Technical Committee.
"Given the effort that companies must expend in encrypting sensitive data and
managing encryption keys, it behooves them to do it right, and to do it just
once. Encrypting anywhere other than at the application layer will require data
custodians to revisit the problem again."

"The basic technologies for asymmetric key e-signatures have been around for
years, but so have questions about how to best use and manage them," noted
James Bryce Clark, director of standards development for OASIS. "The goal of
the EKMI effort is to provide a clear set of answers."

Representatives of Red Hat, the United States Department of Defense, Visa, and
others make up the OASIS EKMI Technical Committee. Participation remains open
to all companies, non-profit groups, governments, academic institutions, and
individuals. 

The OASIS EKMI Technical Committee operates under the Royalty Free on Limited
Terms mode, as defined by the OASIS Intellectual Property Rights Policy. As
with all OASIS projects, archives of the Committee's work are accessible to
both members and non-members, and OASIS offers a mechanism for public comment. 


Additional information:

OASIS EKMI Technical Committee
http://www.oasis-open.org/committees/ekmi/

EKMI FAQ
http://www.oasis-open.org/committees/ekmi/faq.php

OASIS IDtrust Member Section
http://www.oasis-idtrust.org/


About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards) is
a not-for-profit, international consortium that drives the development,
convergence, and adoption of e-business standards. Members themselves set the
OASIS technical agenda, using a lightweight, open process expressly designed to
promote industry consensus and unite disparate efforts. The consortium produces
open standards for Web services, security, e-business, and standardization
efforts in the public sector and for application-specific markets. Founded in
1993, OASIS has more than 5,000 participants representing over 600
organizations and individual members in 100 countries.
http://www.oasis-open.org


Press contact:

Carol Geyer
OASIS Director of Communications
carol.geyer@oasis-open.org
+1.978.667.5115 x209 (office)
+1.941.284.0403 (mobile)