OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RSA Conference pass for first meeting of OASIS Key Management Interoperability Protocol (KMIP) Technical Committee

Hi -

The first meeting of the KMIP TC is planned for Friday 24-April-2009,
9am to 5pm PDT, in conjunction with the RSA Conference in San Francisco.
We are confirmed for conference room West Mezzanine 274/276 in the
Moscone Conference Center. There will also be a conference bridge
available for those who are not able to attend in person.

We have a complementary RSA Conference registration code that anyone can
use who wants to attend our 24-April KMIP TC meeting, but is not
otherwise attending the RSA Conference:

  The code for the OASIS free Expo pass is 149ASIEX.  At the time of 
  registration at http://www.rsaconference.com/2009/us/registration.htm,
  select the Expo pass ($75) and then fill in this code  where it says

  Registration Code to zero out the amount. The pass will give access to
  conference room for our Friday meeting, as well as to the exposition
  floor and keynotes on Wed-Fri.

We look forward to you joining us for this first meeting!


Bob Griffin
RSA, the Security Division of EMC

-----Original Message-----
From: Mary McRae [mailto:marypmcrae@gmail.com] On Behalf Of Mary McRae
Sent: Wednesday, March 04, 2009 3:17 PM
To: members@lists.oasis-open.org; tc-announce@lists.oasis-open.org
Cc: kmip@lists.oasis-open.org
Subject: [members] Call for Participation: OASIS Key Management
Interoperability Protocol (KMIP) Technical Committee

To:  OASIS members & interested parties

   A new OASIS technical committee is being formed. The OASIS Key
Interoperability Protocol (KMIP) Technical Committee has been proposed
the members of OASIS listed below. The TC name, statement of purpose,
list of deliverables, audience, and language specified in the proposal
constitute the TC's official charter. Submissions of technology for
consideration by the TC, and the beginning of technical discussions, may
occur no sooner than the TC's first meeting.

   The eligibility requirements for becoming a participant in the TC at
first meeting (see details below) are:

   (a) you must be an employee of an OASIS member organization or an
individual member of OASIS, and
   (b) you must join the Technical Committee, which members may do by
the "Join this TC" button on the TC's public page at [a].

   To be considered a voting member at the first meeting, you must:
   (a) join the Technical Committee at least 15 days prior to the first
meeting; and
   (b) you must attend the first meeting of the TC, at the time and date
fixed below.

Of course, participants also may join the TC at a later time. OASIS and
TC welcomes all interested parties.

   Non-OASIS members who wish to participate may contact us about
OASIS [b]. In addition, the public may access the information resources
maintained for each TC: a mail list archive, document repository and
comments facility, which will be linked from the TC's public home page

   Please feel free to forward this announcement to any other
lists. OASIS is an open standards organization; we encourage your



Mary P McRae
Director, Technical Committee Administration
OASIS: Advancing open standards for the information society
email: mary.mcrae@oasis-open.org  
web: www.oasis-open.org
phone: 1.603.232.9090

[a] http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip 
[b] See http://www.oasis-open.org/join/

OASIS Key Management Interoperability Protocol (KMIP) Technical

Statement of purpose: 
The KMIP Technical Committee will develop specification(s) for the
interoperability of key management services with key management clients.
specifications will address anticipated customer requirements for key
lifecycle management (generation, refresh, distribution, tracking of
life-cycle policies including states, archive, and destruction), key
sharing, and long-term availability of cryptographic objects of all
(public/private keys and certificates, symmetric keys, and other forms
"shared secrets") and related areas.

The initial goal is to define an interoperable protocol for standard
communication between key management servers, and clients and other
which can utilize these keys. Secure key management for TPMs (Trusted
Platform Modules) and Storage Devices will be addressed. The scope of
keys addressed is enterprise-wide, including a wide range of actors:
is, machine, software, or human participants exercising the protocol
the framework. Actors for KMIP may include:

* Storage Devices
* Networking Devices
* Personal devices with embedded storage (e.g. Personal Computers,
Computers, Cell Phones)
* Users
* Applications
* Databases
* Operating Systems
* Input/Output Subsystems
* Management Frameworks
* Key Management Systems
* Agents

Out of scope areas include:
* Implementation specific internals of prototypes and products
* Multi-vendor Key Management facility mirrors or clusters
* Definition of an architectural design for a central enterprise key
management or certificate management system other than any necessary
interfaces and protocols strictly required to support interoperability
between Actors in the multi-vendor certificate and key management
* Framework interfaces not dedicated to secure key and certificate
* Certain areas of functionality related to key management are also
the scope of this technical committee, in particular registration of
clients, server-to-server communication and key migration.
* Bindings other than tag-length-value wire protocol and XSD-based

List of deliverables: 
The deliverables for the KMIP Technical Committee are anticipated to
the following:
* Revised KMIP Specification v0.98. This provides the normative
of the protocol, including objects, attributes, operations and other
elements. A Committee Specification is scheduled for completion within
months of the first TC meeting. 
* Revised KMIP Usage Guide v0.98. This provides illustrative and
information on implementing the protocol, including authentication
implementation recommendations, conformance guidelines and security
considerations. A Committee Specification is scheduled for completion
12 months of the first TC meeting. 
* Revised KMIP Use Cases and Test Cases v0.98. This provides sample use
cases for KMIP, test cases for implementing those use cases, and
examples of
the protocol implementing those test cases. A Committee Specification is
scheduled for completion within 12 months of the first TC meeting.
* Revised KMIP Frequently Asked Questions. This document provides
on what KMIP is, the problems it is intended to address and other
asked questions.

KMIP, as defined in the above deliverables, will be scoped to include
1) Comprehensive Key and Certificate Lifecycle Management Framework
  A. Lifecycle Management Framework to Include:
    a) Provisioning of Keys and Certificates
       i) Creation
      ii) Distribution
     iii) Exchange/Interchange
      iv) Auditing
    b) Reporting
    c) Logging (Usage tracking)
    d) Backup
    e) Restore
    f) Archive
    g) Update/Refresh
    h) Management of trust mechanisms between EKCLM (Enterprise Key and
Certificate Lifecycle Management) actors only as necessary to support
  B. Comprehensive Key and Certificate Policy Framework to include:
    a) Creation
    b) Distribution
    c) Exchange/Interchange
    d) Auditing
    e) Reporting
    f) Logging (Usage tracking)
    g) Backup
    h) Restore
    i) Archive
    j) Update/Refresh
    k) Expectation of Policy Enforcement
       i) At endpoints
      ii) At Key Manager
     iii) At intermediaries between endpoints and Key Manager facility
  C. Interoperability between Machine Actors in performing all aspects
of A)
and B), and addressing:
    a) pre-provisioning and late binding of keys and certificates
    b) support for hierarchical or delegation or direct models
    c) actor discovery and enrollment as necessary to support ECKLM
    d) key, certificate and policy migration
    e) audit and logging facilities
  D. General Capabilities may include:
    a) Secure and Robust Mechanisms, Techniques, Protocols and
    b) Recovery capabilities, only as needed by interoperable
anticipating power failure, or other common failures of automated Actors
    c) Forward compatibility considerations
    d) Interface to Identity Management facilities as necessary for A)
    e) Interface to Enterprise Directory facilities as necessary for A)

KMIP TC will also support activities to encourage adoption of KMIP. This
would likely include: 
Interoperability sessions to test effectiveness of the specification
Reference implementations of KMIP functionality 

IPR Mode under which the TC will operate: 
The KMIP TC is anticipated to operate under RF on RAND.

Anticipated audience or users:
KMIP is intended for the following audiences:

* Architects, designers and implementers of providers and consumers of
enterprise key management services.

Work group business and proceedings will be conducted in English.

Non-normative information

Identification of similar or applicable work: 

Similar work is currently underway in several other organizations:
* OASIS EKMI TC. We see KMIP TC as addressing a broader scope than the
primarily symmetric key focused EKMI, providing a more comprehensive
protocol in which SKSML can potentially participate. 
* IEEE P1619.3. We see KMIP TC as addressing a broad scope than the
primarily storage-related P1619.3.
* TCG Infrastructure Working Group. We see KMIP TC as addressing a
scope than the primarily TPM related TCG IWG.
* IETF Keyprov. We see KMIP TC as addressing a broader scope than the
primarily mobile-related IETF Keyprov.

KMIP TC intends to establish liaisons with each of these organizations
may also establish liaisons with other organizations that are identified
focused on similar or applicable work.

Date, time, and location of the first meeting: 
The date for the first meeting is April 24th 2009, from 9am PDT until
PDT, to be held as a Face to Face meeting in San Francisco in
with the RSA Conference. Call-in facilities will be provided for those
unable to attend in person. 

Projected on-going meeting: 
Conference calls will be held weekly, to be sponsored by one or more of
companies proposing the KMIP TC. These conference calls will be
by the following: 
* Face to face meetings as determined by the KMIP TC.
* General communication will be via email reflectors with archiving
by the KMIP TC.
* KMIP TC progress will be communicated via a KMIP TC web page.
* The KMIP TC will communicate (conference calls, joint working
etc.) with external groups as appropriate.
* The KMIP TC will communicate (conference calls, joint working sessions
etc.) with internal OASIS groups (other TCs) as appropriate. 

Names, electronic mail addresses, and membership affiliations of at
Minimum Membership:
Robert Griffin, EMC/RSA, Robert.griffin@rsa.com 
Robert Philpott, EMC/RSA, Robert.philpott@rsa.com 
Mark Schiller, HP, mark.schiller@hp.com 
Jishnu Mukerji, HP, jishnu@hp.com 
Anthony Nadalin, IBM, drsecure@us.ibm.com 
Robert Haas, IBM, rha@zurich.ibm.com 
Walt Hubis, LSI, walt.hubis@lsi.com 
Jon Geater, Thales, jon.geater@thales-esecurity.com
Marcus Streets, Thales, marcus.streets@thales-esecurity.com 
Martin Skagen, Brocade, mskagen@brocade.com 
Karla Thomas, Brocade, karlat@brocade.com 
Scott Kipp, Brocade, skipp@brocade.com
Subhash Sankuratripati, NetApp, Subhash@netapp.com 
Paolo Bezoari, NetApp, Bezoari@netapp.com 
Dave B Anderson, Seagate, dave.b.anderson@seagate.com 
Landon Curt Noll, Cisco, chongo@cisco.com

The name of the Convener who must be an Eligible Person: 
Robert Griffin (EMC)

The name of the Member Section with which the TC intends to affiliate,
The KMIP TC intends to affiliate with the IDtrust Member Section.

List of contributions of existing technical work that the proposers
anticipate will be made to this TC:
* KMIP Specification v0.98 
* KMIP Usage Guide v0.98
* KMIP Use Cases and Test Cases v0.98

Frequently Asked Questions (FAQ) document: 
See preceding list of contributions.

Proposed working title and acronym for the specification(s) to be
by the TC. 
* KMIP Specification
* KMIP Usage Guide
* KMIP Use Cases and Test Cases


This email list is used solely by OASIS for official consortium

Opt-out requests may be sent to member-services@oasis-open.org, however,
all members are strongly encouraged to maintain a subscription to this

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]