{peter.lipp, arno.hollosi}@iaik.at
institute for applied information processing and communications
graz university of technology

XML Key Management Services - Position Paper

1) Experience

Your experience in the areas covered by the Workshop scope (W3C technologies testing, etc)

IAIK has a long-term experience in cryptographic and digital signatures technology. Within the W3C-activities, IAIK has participated in the Digital Signature Initiative as well as XMLDsig, and we are following the XML-encryption activities. IAIK has developed one of the implementations of XML-Signature and is currently working with ETSI in defining the XML-format of the ETSI TS 101.733 - standard.

Members of IAIK are also involved in other standardization areas within the European Digital Signature standardisation within ETSI and CEN/ISSS.

2) Needs

What are the needs of your company/organization in the field of XMK Key Management Services.

The PKI-group within IAIK has a long-term research background on PKI (ICE-TEL, ICE-CAR, AIDA, Qualisign and other projects). Looking for new directions we found that we should develop a strong focus on XML and PKI. This is not a decision to follow the lemmings; no, we think that this gives us the chance to work on new paradigms. XML Key Management is definitely one part.

We see XKMS as one important building stone of a XML based PKI environment. To that end we focus on how XKMS fits into this broader vision, how it interacts with other technologies (such as SAML and SemanticWeb), and consider possible security and privacy implications.

3) Expectations

What are your general expectations on the final outputs of the workshop?

We would consider the workshop to be successful, if a good requirements document results, that does not necessarily restrict itself to the current XKMS-proposal, and is supported by most participants. The role of XKMS within a PKI environment and its interaction with related technologies (e.g. SOAP, SAML) should be well defined.

Also, a consent on the scope and timeline of further activity should be reached.

4) Contributions and ideas

What are your potential contributions to the discussion, related ideas, and suggested solutions? A well-defined technical contribution may accompany the position paper as an appendix.

Our potential contributions are evaluation of security and privacy aspects, conceiving possible use cases and scenarios, and evaluation of these scenarios. Furthermore, we consider adding support for XKMS (client and server side) in our java cryptography suite (see http://jcewww.iaik.at/).

As XKMS allows us to persue new paradigms we feel that it should not be restricted by limitations of the current PKI technologies such as PKIX, SPKI, or PGP. That is, a key requirement (and indeed a goal of XKMS) is that the underlying PKI is transparent to the client (if the client so wishes). Thus we will bring in a more high-level view of the goals and scope of XKMS and focus our attention on the actual needs of XML security applications.

About IAIK

The institute for applied information processing and communications (IAIK) is characterised by its activities dedicated to three areas:

Applied research: IAIK's research is directed towards several applied fields like computer networking, embedded systems, system-on-chip design, computer security, and information security. IAIK emphasizes an integrated view between these areas. Projects typically include several topics mentioned, and in this manner should lead to innovative solutions. When compared with industrial research, IAIK's research tends to run at a higher risk level; we thus are willing to tackle research problems which are typically not found in Austrian's industry.

Advisory board: Observing rapidly-evolving technologies like information security, networking, and system-on-chip design, IAIK consults public and private institutions, both, national and international. Considering the migration towards a global information society, such advisory services are of paramount importance. IAIK emphasizes the independent position of its consulting activities.

Teaching: Teaching topics follow IAIK's research interests. In addition, we emphasize new teaching methods: Students work project-oriented and follow an inter-disciplinary approach; Moreover, we encourage team-results, independent work, and integration of up-to-date research problems. With this teaching method we try to meet the dynamics of knowledge creation and face the short life cycles of relevant knowledge. This method proves also adequate when trying to cope with the requirements from the industry at one end, and the goal to offer a proper scientific education at the other end.