OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Key Management Interoperability Protocol (KMIP) 1.0 Receives Approvalas OASIS Standard

Aetna, Axway, Brocade, CA Technologies, Cisco, EMC, HP, IBM, Oracle,
Red Hat, SafeNet, Skyworth TTG, Symantec, Target, U.S. National
Institute of Standards and Technology, Venafi, Voltage Security,
Vormetric, and Others Advance Open Standard for IT Security,
Compliance, and Data Recovery

Boston, MA, USA; 14 October 2010 – The OASIS open standards consortium
today announced  approval of the Key Management Interoperability
Protocol (KMIP) version 1.0. Developed through a collaboration of more
than 30 vendors and end user organizations, KMIP enables communication
between key management systems and cryptographically-enabled
applications, including email, databases, and storage devices.  KMIP
and the related KMIP Profiles are now official OASIS Standards, a
status that signifies the highest level of ratification.

“KMIP fills a real void,” said  Jon Oltsik, Principal Analyst at the
Enterprise Strategy Group. “The challenge of administering multiple
data security systems has become more widespread as new technologies
with built-in encryption gain acceptance. KMIP can succeed, not only
because of the breadth of devices it supports, but also because of the
very clear rules it imposes on methods of key management

KMIP simplifies the way companies manage cryptographic keys,
eliminating the need for redundant, incompatible key management
processes. Key lifecycle management — including the generation,
submission, retrieval, and deletion of cryptographic keys — is enabled
by the standard.  Designed for use by both legacy and new
cryptographic applications, KMIP supports many kinds of cryptographic
objects, including symmetric keys, asymmetric keys, digital
certificates, and authentication tokens.

“KMIP enables a new generation of enterprise key management, fully
interoperable across the broad range of cryptographic capabilities
that are required for effective security,” said Robert Griffin of
EMC/RSA, co-chair of the OASIS KMIP Technical Committee. “KMIP's
approval as an OASIS Standard represents a milestone for all
enterprises that are concerned with the security of their information,
identities, and infrastructure.”

“Development of KMIP was enriched by participation from across the
public and private sectors,” added Subhash Sankuratripati of NetApp,
co-chair of the OASIS KMIP Technical Committee. “In addition to having
most of the major software and security vendors involved, government
agencies  including U.S. NIST and NSA, and large end users, including
Aetna and Target, also contributed.”

KMIP is offered for implementation on a royalty-free basis.
Participation in the OASIS KMIP Technical Committee is open to all
companies, non-profit groups, governments, academic institutions, and
individuals. As with all OASIS projects, archives of the Committees'
work are accessible to both members and non-members, and OASIS hosts
an open mail list for public comment.

Support for KMIP

CA Technologies
“The IT industry today is enabling commerce and improving efficiencies
on a global scale. In order to help ensure these business transactions
and operations are secure, encryption is widely used, making
encryption key management a critical issue,” said Tim Brown, chief
security architect and senior vice president, CA Technologies. “The
adoption of the cloud will compound encryption use and add to the
complexity of the key management. CA Technologies sees the KMIP
standard as a important step toward enabling scalable key management
solutions and seamless interoperability across a variety of encryption
products and vendors.”

“KMIP dramatically increases data center security by introducing the
first open standard protocol for key management. The protocol enables
interoperable solutions for the automated management of the lifecycle
of cryptographic keys, which will be beneficial for cloud storage and
computing,” said Dr. Robert Haas, manager of Storage Systems Research
at IBM Research – Zurich, co-editor of   KMIP 1.0.

“In order to thrive, organizations must collaborate by sharing data
across employees, suppliers, partners and customers while maintaining
high levels of data security and compliance,” said Chris Whitener,
HP's chief security strategist. “HP’s investment in developing the new
KMIP OASIS Standard demonstrates our commitment to simplified, secure,
converged IT infrastructures using efficient key management to protect
data security and privacy.”

“RSA and EMC are very pleased to see the approval of KMIP 1.0 as an
OASIS Standard. We have been a leader in and contributor to this
effort since its very beginning, when we were responding to the needs
of customers who demanded strong key management systems,” said Bret
Hartman, chief technology officer, RSA, The Security Division of EMC.
“We look forward to seeing KMIP implemented across the industry,
enabling a security ecosystem that fully supports enterprises in their
move towards virtualization and cloud.”

“In order to protect vital assets and address regulatory requirements,
enterprises are becoming increasingly reliant upon encryption.
However, in most enterprises, encryption has been managed in a
disparate, ad hoc fashion, which can present risks to the security of
information, result in data loss, and prove very costly,” said Rami
Shalom, vice president, product management, data encryption and
control, SafeNet. “By supporting KMIP 1.0 and KMIP Profiles 1.0, now
approved as OASIS Standards, SafeNet will enable its customers to
centrally manage encryption efforts across the entire organization,
address regulatory requirements, and get the most value out of

“Vormetric’s mission is to simplify encryption and key management for
the enterprise. To that end, we have been very pleased to play our
part in advancing the OASIS KMIP key management standard,” said
Richard Gorman, president and CEO of Vormetric.

Additional information:
OASIS KMIP Technical Committee

Cover Pages: KMIP References

About OASIS:
OASIS (Organization for the Advancement of Structured Information
Standards) drives the development, convergence, and adoption of open
standards for the global information society. A not-for-profit
consortium, OASIS advances standards for SOA, security, Web services,
documents, e-commerce, government and law, localisation, supply
chains, XML processing, and other areas of need identified by its
members. OASIS open standards offer the potential to lower cost,
stimulate innovation, grow global markets, and protect the right of
free choice of technology. The consortium has more than 5,000
participants representing over 600 organizations and individual
members in 100 countries. http://www.oasis-open.org

Press contact:
Carol Geyer
OASIS Senior Director, Communications
+1 (781) 425-5073  x209

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]