
Subject: RE: [kmip] requesting Special Majority ballot for KMIP TC re-charter

Hi Chet –


Thanks for the clarifications!


As you requested, I’ve included below the proposal for re-chartering the KMIP TC according to the TC-process.  Given the schedule constraints, I’ve requested the date of the 1st meeting to be a conference call (rather than face-to-face) on Thursday 10-October-2013 at 4 pm Eastern Time (usual time for our KMIP TC conference calls).





(1)(a) The name of the TC:

OASIS Key Management Interoperability Protocol (KMIP) Technical Committee

(1)(b) Statement of Purpose:

The KMIP Technical Committee will develop specification(s) for the interoperability of key management services with key management clients. The specifications will address anticipated customer requirements for key lifecycle management (generation, refresh, distribution, tracking of use, life-cycle policies including states, archive, and destruction), key sharing, and long-term availability of cryptographic objects of all types (public/private keys and certificates, symmetric keys, and other forms of "shared secrets") and related areas.

(1)(c) Scope:

The initial goal is to define an interoperable protocol for standard communication between key management servers, and clients and other actors which can utilize these keys. Secure key management for TPMs (Trusted Platform Modules) and Storage Devices will be addressed. The scope of the keys addressed is enterprise-wide, including a wide range of actors: that is, machine, software, or human participants exercising the protocol within the framework. Actors for KMIP may include:

    • Storage Devices
    • Networking Devices
    • Personal devices with embedded storage (e.g. Personal Computers, Handheld Computers, Cell Phones)
    • Users
    • Applications
    • Databases
    • Operating Systems
    • Input/Output Subsystems
    • Management Frameworks
    • Key Management Systems
    • Agents

Out of scope areas include:

    • Implementation specific internals of prototypes and products
    • Multi-vendor Key Management facility mirrors or clusters
    • Definition of an architectural design for a central enterprise key management or certificate management system other than any necessary models, interfaces and protocols strictly required to support interoperability between Actors in the multi-vendor certificate and key management framework.

(1)(d) List of deliverables:

The deliverables for the KMIP Technical Committee are anticipated to include the following:

    • Revised KMIP Specification. This provides the normative expression of the protocol, including objects, attributes, operations and other elements. A Committee Specification is scheduled for completion within 12 months of the first TC meeting.
    • Revised KMIP Profiles. This provides the normative expression of conformant implementations of the protocol. A Committee Specification is scheduled for completion within 12 months of the first TC meeting.
    • Revised KMIP Usage Guide. This provides illustrative and explanatory information on implementing the protocol, including authentication profiles, implementation recommendations, conformance guidelines and security considerations. A Committee Note is scheduled for completion within 12 months of the first TC meeting.
    • Revised KMIP Use Cases. This provides illustrative use cases for KMIP. A Committee Note is scheduled for completion within 12 months of the first TC meeting. 
    • Revised KMIP Test Cases. This provides illustrative test cases for KMIP and examples of the protocol implementing those test cases. A Committee Note is scheduled for completion within 12 months of the first TC meeting.
    • Revised KMIP Frequently Asked Questions. This illustrative document provides guidance on what KMIP is, the problems it is intended to address and other frequently asked questions.

KMIP, as defined in the above deliverables, will be scoped to include the following:

A.     Comprehensive Key and Certificate Lifecycle Management Framework

        1. Lifecycle Management Framework to Include:
          a. Provisioning of Keys and Certificates
            i. Creation
            ii. Distribution
            iii. Exchange/Interchange
            iv. Auditing
          b. Reporting
          c. Logging (Usage tracking)
          d. Backup
          e. Restore
          f. Archive
          g. Update/Refresh
          h. Management of trust mechanisms between EKCLM (Enterprise Key and Certificate Lifecycle Management) actors only as necessary to support EKCLM

B.     Comprehensive Key and Certificate Policy Framework to include:

        1. Creation
        2. Distribution
        3. Exchange/Interchange
        4. Auditing
        5. Reporting
        6. Logging (Usage tracking)
        7. Backup
        8. Restore
        9. Archive
        10. Update/Refresh
        11. Expectation of Policy Enforcement
          1. At endpoints
          2. At Key Manager
          3. At intermediaries between endpoints and Key Manager facility

C.     Interoperability between Machine Actors in performing all aspects of A) and B), and addressing:

        1. pre-provisioning and late binding of keys and certificates
        2. support for hierarchical or delegation or direct models
        3. actor discovery and enrollment as necessary to support EKCLM
        4. key, certificate and policy migration
        5. audit and logging facilities

D.    General Capabilities may include:

        1. Secure and Robust Mechanisms, Techniques, Protocols and Algorithms
        2. Recovery capabilities, only as needed by interoperable interfaces, anticipating power failure, or other common failures of automated Actors
        3. Forward compatibility considerations
        4. Interface to Identity Management facilities as necessary for A) and B)
        5. Interface to Enterprise Directory facilities as necessary for A) and B)

KMIP TC will also support activities to encourage adoption of KMIP. This would likely include:

    • Interoperability sessions to test effectiveness of the specification
    • Reference implementations of KMIP functionality

(1)(e) IPR Mode under which the TC will operate:

The KMIP TC is anticipated to operate under RF on RAND.

(1)(f) Anticipated audience or users:

KMIP is intended for the following audiences:

    • Architects, designers and implementers of providers and consumers of enterprise key management services.

(1)(g) Language:

Work group business and proceedings will be conducted in English.

(2)(a) Identification of Similar Work

No active work is being done in this area by another OASIS TC nor as a major effort by another organization. KMIP has achieved significant success as the most important key management standard in the industry since the establishment of the KMIP TC in February 2009. The experience of the past 4 years has led the KMIP TC members to identify areas that should be addressed by the standard but that were excluded under the existing charter. Re-chartering KMIP TC enables the TC to address these areas.

(2)(b)  First meeting


The first meeting will be held via telephone conference call on Thursday 10-Oct-2013 at 4 pm Eastern Time (US). EMC Corporation, as sponsor, will provide the conference call bridge for the first meeting.


(2)(c) Meeting schedule


The KMIP TC will meet via teleconference at least twice monthly. As with the current KMIP TC meetings, EMC Corporation will serve (at least initially) as sponsor of the meetings.


(2)(d)  Not required for re-chartering


(2)(e) Not required for re-chartering


(2)(f) Convener


The convener is Robert Griffin (EMC Corporation), current KMIP TC co-chair.


(2)(g) Member Section


As with the current KMIP TC, the re-chartered KMIP TC will affiliate with the IDtrust Member Section.


(2)(h) Contributions


The existing KMIP TC will contribute the following technical work to the re-chartered KMIP TC:

    • KMIP Specification V1.2 Committee Specification Draft
    • KMIP Profiles V1.2 Committee Specification Draft
    • KMIP Usage Guide V1.2 Committee Note Draft
    • KMIP Use Cases V1.2 Committee Note Draft.
    • KMIP Test Cases V1.2 Committee Note Draft
    • All individual KMIP Profiles approved by the KMIP as Committee Specification Drafts
    • KMIP Frequently Asked Questions.

(2)(i) Frequently Asked Questions


The current KMIP FAQ is available at https://www.oasis-open.org/committees/kmip/faq.php.


(2)(j) Working Title and Acronym


Key Management Interoperability Protocol will continue to be represented by the acronym KMIP.



From: Chet Ensign [mailto:chet.ensign@oasis-open.org]
Sent: Saturday, 24 August 2013 01:50
To: Griffin, Robert
Cc: kmip@lists.oasis-open.org; Paul Knight (paul.knight@oasis-open.org)
Subject: Re: [kmip] requesting Special Majority ballot for KMIP TC re-charter


Hi Bob, 


I meant to get this to you sooner but it has been one of those days… 


Here are some notes for you on the next steps and dates: 


Rechartering is covered in the TC Process at https://www.oasis-open.org/policies-guidelines/tc-process#rechartering 


Note in particular: 


- "A proposal to recharter the TC must be made by Resolution and submitted to the TC Administrator. The proposal shall follow the rules for a proposal to form a new TC as specified in section 2.2 excluding items 2(d) and 2(e)."


So your draft charter has to be like an original charter for a TC. It has to be submitted to me as a plain text email and it must include all the sections of an original charter save for (2)(d) co-proposers and (2)(e) primary rep statements of support. So you will need to provide the other sections of the charter as well. Convener - yes and also a statement of the time and date of the first meeting - on that see the next paragraph. 


Unfortunately, the meeting date you would like to make won't work. After the revised ballot passes, I send out the revised charter in a call for participation in the rechartered TC. The same time frames apply from the call to the first meeting so, for a face-to-face, the meeting must be no sooner than 45 days from when I send it out - or 30 days if it is a teleconference. This is because, since the scope is changing, people need the opportunity to review their IPR commitments again. 


So if we figure that I start the ballot next Wednesday 8/28, then it closes 9/4. If I then get the call for participation out on 9/5, the earliest date for the first meeting under the revised charter is 10/20/13 for a face-to-face or 10/5/13 for a conference call. To be on the safe side, I would add a few extra days in case of some kind of hangup. 


So far as the KMIP errata are concerned, no problem there. I believe we'll have them up by the end of next week or early the week after. 


So, to sum up next steps: 


- The motion you made is fine, I'll work from that 


- Please send me the revised charter including all sections of a charter as laid out in the TC Process save for (2)(d) and (2)(e). Send it as a plain text email. I will also use the red-line PDF so that people can see what has changed with the ballot. 


- I will then get the ballot started asap. 


Let me know if you have any questions on this. 








On Fri, Aug 23, 2013 at 6:55 AM, Griffin, Robert <robert.griffin@rsa.com> wrote:

Hi Chet –


In our KMIP TC call yesterday, we voted to request a Special Majority vote on re-chartering the TC. The motion was:


“Tim Hudson moves that the KMIP TC request OASIS administration to initiate a Special Majority ballot to determine whether the KMIP TC wishes to modify the current charter, such that bulleted items four, five and six are removed from the list of ‘out-of-scope areas’ currently defined in the charter. The specific bulleted items to be deleted (in their entirety) are:

    • Framework interfaces not dedicated to secure key and certificate management
    • Certain areas of functionality related to key management are also outside the scope of this technical committee, in particular registration of clients, server-to-server communication and key migration.
    • Bindings other than tag-length-value wire protocol and XSD-based encodings.”

Seconded by Bob Lockhart and passed by unanimous voice vote with no objections or abstentions. Subhash will send you a link to the minutes as quickly as possible.

I’ve attached a change-bar version of the charter that shows this deletion. In the document, I also made editorial corrections to the deliverables, to reflect the current KMIP V1.2 Committee Spec Draft and Committee Note Draft documents which will be submitted as contributions to the re-chartered TC.

We would like to request that the first meeting of the re-chartered KMIP TC be our face-to-face on Wednesday 18-Sep-2013 at the NetApp facility in Mountain View, CA. Is it possible to do that, in terms of schedule for the ballot, announcements and so on? Also, we will want the KMIP V1.1 Errata to be published under the existing TC, is this doable within the time frame for convening the re-chartered TC on 18-Sep?

If you need to specify a convener for the re-chartered KMIP TC, I’m happy to take that role. Do you need any other information from us at this point in order to go ahead with setting up the ballot?

Thanks very much!








Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 


Check your work using the Support Request Submission Checklist at http://www.oasis-open.org/committees/download.php/47248/tc-admin-submission-checklist.html 

TC Administration information and support is available at http://www.oasis-open.org/resources/tcadmin
