In addition to the
issue raised re XKMS and SAML I would like to make the members of this group
aware of KEYPROV a group proposed to do similar work that has already
begun the chatering process in the IETF. A BOF was held last week and a
charter is currently being discussed on the mailing list:
To join the mailing
list:
Provisional draft
charter:
Current developments
in inter-domain Shared Symmetric Key tokens and inter-domain use of Kerberos
have highlighted the need for a standard protocol for provisioning symmetric
keys.
The need for provisioning protocols in PKI
architectures has been recognized for some time. Although the existence and
architecture of these protocols provides a feasibility proof for the KEYPROV,
assumptions built into these protocols make them inapplicable to symmetric
keys.
In particular the ability to provision symmetric keys
and associated attributes dynamically to already issued devices such as cell
phones and USB drives is highly desirable. The working group will develop the
necessary protocols and data formats required to support provisioning and
management of symmetric key authentication tokens, both proprietary and
standards based.
Deliverables:
- Requirements and use cases
- Protocol specification
- Key Container
specification