OASIS Key Management Interoperability Protocol (KMIP) TC

Request for submission of KMIP V1.0 Profiles for consideration as an OASIS standard

    Posted 08-04-2010 18:10
    hi -
    The KMIP co-chairs request the submission of the KMIP V1.0 Profiles to
    OASIS membership for consideration as an OASIS standard, as specified in
    the OASIS Technical Committee Process section 3.4. Please let us know of
    any additions or changes that you need to these requests.
    
    thanks!
    
    Bob Griffin /  Subhash Sankuratripati
    co-chairs, KMIP Technical Committee
    
    Simultaneously with the approval of a Committee Specification or at a
    later date, and after three Statements of Use have been presented to the
    TC, a TC may resolve by Special Majority Vote to submit the Committee
    Specification to the Membership of OASIS for consideration as an OASIS
    Standard. Upon resolution of the TC to submit the specification, its
    Chair shall submit the following items to the TC Administrator:
    (a) Links to the approved Committee Specification in the TC's document
    repository, and any appropriate supplemental documentation for the
    specification, both of which must be written using the OASIS templates.
    The specification may not have been changed between its approval as a
    Committee Specification and its submission to OASIS for consideration as
    an OASIS Standard, except for the changes on the title page and running
    footer noting the approval status and date. 
    We are requesting submission of the following KMIP V1.0 Committee
    Specification to the Membership of OASIS for consideration as an OASIS
    standard:
    
    http://docs.oasis-open.org/kmip/profiles/v1.0/cs01/kmip-profiles-1.0-cs-01.pdf
    
    
    (b) The editable version of all files that are part of the Committee
    Specification;
    The editable versions of the above documents are available at:
    
    http://docs.oasis-open.org/kmip/profiles/v1.0/cs01/kmip-profiles-1.0-cs-01.doc
    
    (c) Certification by the TC that all schema and XML instances included
    in the specification, whether by inclusion or reference, including
    fragments of such, are well formed, and that all expressions are valid;
    The KMIP co-chairs certify that the KMIP V1.0 Profiles document includes
    expression of message format and contents; all instances of such
    expressions included in the specification, whether by inclusion or
    reference, including fragments of such, are well formed and valid. KMIP
    V1.0 does not include schema or XML expressions.
    
    (d) A clear English-language summary of the specification; 
    The Key Management Interoperability Protocol (KMIP) establishes a
    single, comprehensive protocol for communication between enterprise key
    management servers and cryptographic clients. By defining a protocol
    that can be used by any cryptographic client, from the smallest
    automated electric meters to the most complex disk-arrays, KMIP enables
    enterprise key management servers to speak a single protocol to all
    cryptographic clients supporting the protocol. Through vendor support of
    KMIP, an enterprise will be able to consolidate key management in a
    single enterprise key management system, reducing operational and
    infrastructure costs while strengthening operational controls and
    governance of security policy.  
    
    KMIP includes three primary elements:
    
    *	Objects. These are the symmetric keys, asymmetric keys, digital
    certificates and so on upon which operations are performed.
    	
    *	Operations. These are the actions taken with respect to the
    objects, such as getting an object from a key management system,
    modifying attributes of an object and so on.
    
    *	Attributes. These are the properties of the object, such as the
    kind of object it is, the unique identifier for the object, and so on.
    
    The protocol supports other elements, such as the use of templates that
    can simplify the specification of attributes in a request or response.
    But at its most basic level, KMIP consists of placing objects,
    operations and/or attributes either into a request from a cryptographic
    client to a key management server or into a response from a key
    management server to a cryptographic client.
    
    (e) A statement regarding the relationship of this specification to
    similar work of other OASIS TCs or other standards developing
    organizations;
    As a transport-level protocol, KMIP is complementary to other key
    management efforts, including OASIS EKMI and IEEE P1619.3, expressed in
    XML. KMIP leverages other standards whenever possible. For example, it
    uses the key life-cycle specified in NIST special publication 800-57 to
    define attributes related to key states. It uses network security
    mechanisms such as TLS to establish authenticated communication between
    the key management system and the cryptographic client. It relies on
    existing standards for encryption algorithms, key derivation and many
    other aspects of a cryptographic solution, focusing on the unique and
    critical problem of interoperable messages between key management
    systems and cryptographic clients. 
     
    (f) The Statements of Use presented above; 
    Statements of Use are available at the following locations:
    Cryptsoft:
    http://www.oasis-open.org/apps/org/workgroup/kmip/email/archives/201006/msg00020.html
    
    HP:
    http://www.oasis-open.org/apps/org/workgroup/kmip/email/archives/201006/msg00021.html
    
    IBM:
    http://www.oasis-open.org/apps/org/workgroup/kmip/email/archives/201006/msg00019.html
    
    RSA:
    http://www.oasis-open.org/apps/org/workgroup/kmip/email/archives/201006/msg00018.html
    
    Safenet (client only):
    http://www.oasis-open.org/apps/org/workgroup/kmip/email/archives/201006/msg00023.html
    
    (g) The beginning and ending dates of the public review(s), a pointer to
    the announcement of the public review(s), and a pointer to an account of
    each of the comments/issues raised during the public review period(s),
    along with its resolution; 
    First public review:
    -	beginning date: 1-December-2009
    -	ending date: 30-January-2010
    -	announcement:
    http://lists.oasis-open.org/archives/kmip/200911/msg00050.html
    -	comments spreadsheet:
    http://www.oasis-open.org/apps/org/workgroup/kmip/download.php/38097/KMIP_nontc_public_review_comments%202feb10.xlsx
    	
    
    Second public review:
    -	beginning date: 29-April-2010
    -	ending date: 14-May-2010
    -	announcement:
    http://www.oasis-open.org/apps/org/workgroup/kmip/email/archives/201004/msg00021.html
    -	comments spreadsheet:
    http://www.oasis-open.org/committees/download.php/38083/KMIP%20non-TC%20Public%20Review%202%20Comments%201jun2010.xls
    
    (h) An account of and results of the voting to approve the specification
    as a Committee Specification, including the date of the ballot and a
    pointer to the ballot; 
    KMIP TC unanimously agreed on 27-May-2010 to request the OASIS TC Admin
    to initiate a Special Majority Vote to approve the KMIP V1.0 Profiles
    (see location above) as a Committee Specification. The ballot started
    7-June-2010 and ended 14-June-2010, with the following results:
    In favor: 28  (100% of votes; 82% of eligible voters)
    Opposed: 0
    Abstain: 1
    Did not vote: 5
    In addition, the KMIP TC unanimously agreed on 10-June-2010 to request
    the OASIS TC Admin to initiate a Special Majority Vote to request a vote
    by the OASIS membership to approve the KMIP V1.0 Profiles committee
    specification as an OASIS Standard. The ballot started 30-June-2010 and
    ended 7-July-2010, with the following results:
    In favor: 31 (100% of votes; 91% of eligible voters)
    Opposed: 0
    Abstain: 0
    Did not vote: 3
    (i) An account of or pointer to votes and comments received in any
    earlier attempts to standardize substantially the same specification,
    together with the originating TC's response to each comment;
    There were no earlier attempts to standardize this or any other KMIP
    specification.
    
    (j) A pointer to the publicly visible comments archive for the
    originating TC; 
    The publicly visible comments archive for KMIP TC is available at
    http://lists.oasis-open.org/archives/kmip-comment/.
    
    (k) A pointer to any minority reports delivered by one or more Members
    who did not vote in favor of approving the Committee Specification,
    which report may include statements regarding why the member voted
    against the specification or that the member believes that Substantive
    Changes were made which have not gone through public review; or
    certification by the Chair that no minority reports exist.
    The KMIP co-chairs certify that no minority reports exist.