W3C | Submissions

Team Comment on the XML Key Management Specification (XKMS) Submission

W3C is pleased to receive the XML Key Management Specification (XKMS) from VeriSign Inc, Microsoft Corporation, webMethods Inc. The XKMS submission specifies protocols for distributing and registering public keys for use with XML security technologies.

The XML Signature specification purposefully avoided questions of key trust-worthiness. While the signature specification did define a few XML structures for common key types (e.g., DSAKeyValue, X509, etc.,), these structures are optional and have no affect on signature validity. Questions of trust, including confidence in a key, was out of scope of XML Signature, as it is for XML Encryption.

However, these questions about trust are critical to secure XML applications and protocols; XKMS addresses these issues in two parts: X-KISS and X-KRSS.

First, the X-KISS specification defines a protocol for a Trust service that resolves the public key information contained in an XML Signature or Encryption element. This permits a client to delegate part or all of the tasks required to process key information. This delegation is useful in that a light-weight, XML only client can delegate the processing of other formats (ASN1 encoded certificates) and their semantics (X509 semantics and path validation rules) to an external service.

Second, the X-KRSS specification defines a protocol for a web service that accepts registration of public key information. Once registered, the public key may be used in conjunction with other web services including X-KISS.

Next Steps

This submission will be referred to the attention of the XML Protocol, the XML Signature, and the XML Encryption Working Groups' email lists for the reasons stated above. This submission may also be of interest to participants of the upcoming Workshop on Web Services.

We will also investigate integration with logic as a language of trust layered on RDF, one of the advanced technology development items in the Semantic Web Activity.

Disclaimer: Placing a Submission on a Working Group/Interest Group agenda does not imply endorsement by either the W3C Staff or the participants of the Working Group/Interest Group, nor does it guarantee that the Working Group/Interest Group will agree to take any specific action on a Submission.

Joseph Reagle, Team Contact for the XML Signature and XML Encryption Working Groups <reagle@w3.org>