World Wide Web Consortium Issues XML Key Management System (XKMS) 2.0 as a W3C Recommendation

Author(s) and publish date


XKMS 2.0 Adds Public Key Management to Web Applications, Web Services

Testimonials -- 28 June 2005 -- W3C has approved the XML Key Management System 2.0 (XKMS 2.0, XKMS 2.0 Bindings) as a W3C Recommendation. XKMS 2.0 is part of the W3C XML Security Framework, which includes the XML Signature, XML Encryption, and Canonical XML Recommendations. XKMS, a cornerstone of Web applications security, adds public key management to the W3C XML Security Framework.

Key Management is Essential for Web Services Security

Web applications and services security rely on interoperable components that make it possible to sign, seal, encrypt, and exchange electronic documents. All of these functions rely on management and processing of public keys. Before XKMS, these services lacked openly specified, non-proprietary interfaces (APIs). Today, XKMS offers an open, standards-based interface to key management services that has already demonstrated its utility in distributed enterprise security applications.

XKMS 2.0 Makes PKI Work Better between Enterprises

XKMS 2.0 makes public key infrastructure (PKI) practical to implement in Web applications, including Web services. Standards-based key management enables one to communicate identity across applications and systems, including in Web services applications operating across different trust boundaries.

Traditionally, the common PKI operations (public key certificate management, localization, parsing, and validation operations) are difficult to integrate into existing applications because they add overhead and must be hard-coded for a given PKI. XKMS 2.0 improves PKI deployment by delegating those operations to a server by means of low overhead protocols. At the same time, it is open enough to be used with any public certificate format, chosen by developers to meet application requirements.

XKMS 2.0 Streamlines Enterprise-Level Applications

In real world scenarios, XKMS 2.0 systems streamline enterprise-level applications. All decisions as to the type of public key certificate format, revocation, and so on can be handled directly at the server and transparently to the applications themselves. This will not only help third parties provide PKI operations in an interoperable way, it will also allow companies to install their own XKMS 2.0 servers for applications pertaining to local intranets. Furthermore, enterprises running XKMS 2.0 servers can handle key exchange and management at the server level, rather than at the client level, which makes for a single point of coordination, rather than requiring clients within an enterprise to be aware of each other.

Security Experts, Industry Leaders Drive XKMS 2.0 Development

XKMS 2.0 was developed by the W3C XML Key Management Working Group, and included W3C Members DataPower, Microsoft, Nokia, Oracle, Sun Microsystems, VeriSign and webMethods, along with invited experts co-chairs Stephen Farrell and Shivaram Mysore, Guillermo Alvaro Rey, Berin Lautenbach, Tommy Lindberg, Roland Lockhart and Yunhao Zhang. For more information on implementation and support of the new Recommendation, please review the XKMS 2.0 testimonials.

About the World Wide Web Consortium [W3C]

The W3C was created to lead the Web to its full potential by developing common protocols that promote its evolution and ensure its interoperability. It is an international industry consortium jointly run by the MIT Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) in the USA, the European Research Consortium for Informatics and Mathematics (ERCIM) headquartered in France and Keio University in Japan. Services provided by the Consortium include: a repository of information about the World Wide Web for developers and users, and various prototype and sample applications to demonstrate use of new technology. To date, nearly 400 organizations are Members of the Consortium. For more information see


Contact Americas, Australia --
Janet Daly, <>, +1.617.253.5884 or +1.617.253.2613
Contact Europe, Africa and the Middle East-
Marie-Claire Forgue, <>, +33.492.38.75.94
Contact Asia --
Yasuyuki Hirakawa <>, +81.466.49.1170

Testimonials for XKMS 2.0 Recommendation

DataPower | Oracle Corporation | XMLsec Inc.


DataPower's XS40 XML Security Gateway has long supported XKMS since early 2003. As the most widely deployed XML Web services security gateway among the Global 1000 and large government agencies, our extensive experience has demonstrated that XML Web services are a highly effective way to offer application security as a service to achieve 'separation of concerns' best practices and reduce the complexity of Web services security. In this way, XKMS 2.0 aims to improve PKI deployments and simplify application security by moving digital-signature handling and encryption out of the applications themselves and provide PKI as an easy-to-use service instead.

-- Rich Salz, Chief Security Architect, DataPower

Oracle Corporation

XKMS provides PKI integration capabilities that will facilitate and accelerate the adoption of Web services. Oracle was pleased to provide a reference implementation for the XKMS 2.0 specification; we look forward to supporting the specification in Oracle Application Server as XKMS gains widespread deployment.

-- Donald Deutsch, Vice President, Standards Strategy and Architecture, Oracle Corporation

XMLsec Inc.

In 2002, the W3C's release of the XML Signature and XML Encryption Recommendations led the way in making it much easier, thanks to XML, to integrate cryptography into applications. However, until now, application developers still had to use challenging, non-XML protocols for the key management aspects of cryptography. Now thanks to the W3C XML Key Management Specification (XKMS) Version 2.0 Recommendation which defines straight-forward XML messages and protocols for key management, the last major hurdle to fully enabling XML-based data security has been removed. As a past participant of the W3C XKMS working group, XMLsec congratulates the W3C on its release of the XKMS 2.0 Recommendation.

-- Ed Simon, President and CEO, XMLsec Inc.

Related RSS feed