RSA Security Inc. Paper for W3C Workshop on XML Key Management Services (XKMS) -- Company Expectations from W3C Participation -- RSA Security Inc. would like to participate at several levels with respect to the W3C. Specifically, RSA is interested in contributing to the XML Encryption Working Group, the XML Digital Signature Working Group, and the XKMS Workshop. RSA believes its experience in the security space and its associated domain knowledge can add significant value to the efforts of these working groups. In the past, RSA's PKCS (Public-Key Cryptography Standards) documents have played a key role in promoting the use of encryption and digital signatures in all aspects of computing. RSA believes it can add similar value to the efforts of the W3C in the XML space. It is the company's belief that globally recognized standards for the encryption, decryption, and digital signature of XML documents will play a key role in the development of electronic commerce. The integration of the management systems that support XML standards will further enhance and encourage this development. RSA Security's input to the PKIX proposed delegated path processing initiative is an example of RSA's commitment to reducing PKI complexity. RSA would like to take an active role in the area of XML security, not just track the progress within the W3C working groups. In particular, RSA Security believes that XKMS can be developed as a facility for making PKI services effectively and conveniently consumable from XML-based processing environments. Infrastructure components can be shared between XML and non-XML domains permitting maximum interoperability and reducing implementation costs. RSA Security supports the creation of a W3C working group for developing XKMS and believes that liaison and harmonization with other ongoing PKI standards activities is important for the widespread acceptance of XKMS. Through this proposed participation in the W3C and by taking a active role within associated working groups, RSA expects that it will help the W3C to deliver secure XML standards that permit XML to reach its full potential. Universal access, trust, and interoperability, while allowing for the XML standards' continued evolution, are key aspects that RSA will help to achieve. In turn, RSA's future products supporting XML encryption and digital signature will be able to do so in compliance with the W3C XML standards. -- Company Background & Experience in Workshop Scope -- RSA Security Inc. is a developer of e-security products, helping organizations build secure, trusted foundations for e-business through its two-factor authentication, encryption, and public key management systems. Formed through the merger of Security Dynamics and RSA Data Security, RSA has over twenty years of market, technical and systems experience in the electronic security sector. RSA, through its products and research efforts at RSA Laboratories, has a long history of actively promoting standards development and adoption. With more than 5,000 customers, RSA Security provides technologies that help organizations conduct e-business with confidence. The company's RSA SecurID enterprise authentication products provide straightforward, hacker-proof, user authentication. The majority of electronic commerce transactions and communications that are secured and sent via the Internet today are protected using RSA Security technologies. RSA's BSAFE encryption-based security technologies are embedded in over 450 million copies of Internet applications, including Web browsers, commerce servers, email systems and virtual private network products. Both RSA SecurID and RSA BSAFE are considered de-facto standards worldwide. RSA Security also offers its customers the RSA Keon family of PKI products for enabling, managing and simplifying public key authentication and encryption security. RSA Security's involvement in the development and deployment of cryptographic technologies enables RSA to produce valuable contributions and perspective in the XKMS workshop. RSA Security is active in the development of the PKCS series, IETF-PKIX, and other cryptographic and PKI-related standards. RSA has shown commitment to providing security technologies for XML-based data formats by implementing the IETF/W3C XML Signature working group's second Candidate Recommendation for the XML digital signature specification in our BSAFE Cert-J 2.0 software development kit. Through engagement in a wide breadth of PKI-related standards activities (e.g., IETF, WAP Forum, PKI Forum), RSA hopes to support and achieve consistency among PKI standards. This consistency will ensure that common underlying PKI elements can be applied to a broad range of application environments. -- Potential Contributions and Technical Suggestions -- Drawing on its extensive experience in developing security standards, RSA Security could bring the W3C the following potential contributions and technical suggestions. RSA can provide on-going market requirements from the field from the perspective of a toolkit, desktop client, and server vendor. With an extensive interoperability lab, RSA can supply a testing framework to ensure the standards can be practically implemented. Through the company's activity as a software developer and through its participation in other standards bodies, RSA has insight into integrating XML security standards with other existing security infrastructures. RSA Security can supply effective mechanisms for developing interoperability with current PKCS specifications. This PKCS interoperability will aid in the integration of RSA PKI cryptography and authentication methods into the XML standards. Active in many standards groups, RSA has the resources and experience to provide exceptional auditing and assessment of security standards. RSA Security has opinions concerning delegated path processing solutions and possible alternatives and may propose technical suggestions with regard to these features. Upon further consideration of the relationship between XKMS and XML, RSA may also put forward submissions in the area of XML Policies influenced by RSA's associated domain expertise. The W3C XML standards series will benefit by taking advantage of RSA Security's experience and research capabilities in the working groups.