Mack Hicks, Bank of America
The financial services industry has been a leading proponent of PKI. However, deployment has proven to be difficult due to the complexity of application integration and interoperability. With the arrival of XML and related standards such as XML Digital Signature and Encryption, the foundation to simplify the deployment of PKI through XML is within reach. XKMS represents an important milestone by providing a means for relying applications to delegate some more complex PKI tasks to a Trust Service.
We agree with Phillip Hallam-Baker’s description of scope for XKMS.
Our requirements place more importance on the support of relying party operations such as key location and validation (XKISS). For these operations we do not see a need for a separate requirements analysis step.
The financial institutions operate in a four-corner model as exemplified by Identrus. However, at this point it is too early in XML PKI deployment to attempt to move trust through four-corner or bridge models. Instead we would like the relying application to interact via XKMS protocols for key location and validation with its financial institution. The financial institution's network of trust will service PKI requests through its own trust networks. The trust network may (we believe should) use XKMS for infrastructure, but the goal of this working group should focus on the simplification for the relying application and not the furtherance of any particular infrastructure.