
The OASIS KMIP Standard: Interoperability for the Cryptographic Ecosystem

Jon Geater, OASIS KMIP TC. With thanks to Bob Griffin, co-chair, OASIS KMIP TC. www.oasis-open.org


Presentation Transcript


  1. The OASIS KMIP Standard: Interoperability for the Cryptographic Ecosystem. www.oasis-open.org. Jon Geater, OASIS KMIP TC. With thanks to Bob Griffin, co-chair, OASIS KMIP TC.

  2. KMIP Overview

  3. Often, Each Cryptographic Environment Has Its Own Key Management System. [Diagram: Enterprise Cryptographic Environments (production database, eCommerce applications, disk arrays, WAN, LAN, VPN, backup tape, enterprise applications, business analytics, replica, backup system, file server, staging, portals, dev/test obfuscation, backup disk, collaboration & content management systems, CRM, email), each attached to its own Key Management System.]

  4. Often, Each Cryptographic Environment Has Its Own Protocol. [Diagram: the same Enterprise Cryptographic Environments as on slide 3, connected to their separate Key Management Systems over disparate, often proprietary protocols.]

  5. KMIP: Single Protocol Supporting Enterprise Cryptographic Environments. [Diagram: the same Enterprise Cryptographic Environments as on slide 3, connected through the Key Management Interoperability Protocol to Enterprise Key Management.]

  6. What is KMIP
     • The Key Management Interoperability Protocol (KMIP) enables key lifecycle management. KMIP supports legacy and new cryptographic-enabled applications, supporting symmetric keys, asymmetric keys, digital certificates, and other "shared secrets." KMIP offers developers templates to simplify the development and use of KMIP-enabled applications.
     • KMIP defines the protocol for cryptographic client and key-management server communication. Key lifecycle operations supported include generation, submission, retrieval, and deletion of cryptographic objects. Vendors will deliver KMIP-enabled cryptographic applications that support communication with compatible KMIP key-management servers.

  7. What is KMIP. [Diagram: a Key Client and a Key Server, each with an internal representation, an API, KMIP Encode and KMIP Decode stages, and a transport layer; KMIP is the exchange between the two.]

  8. KMIP status
     • KMIP Technical Committee was established in OASIS in April 2009
       • Submissions at the time of TC creation included draft specification, usage guide and use cases
       • Initial membership included most significant vendors in cryptographic solutions and key management and has continued to grow
     • KMIP V1.0 standard approved end-September 2010
       • Revision of initial submissions April-October 2009
       • First public review Nov/Dec 2009
       • Revision of documents Jan-April 2010
       • Second public review May/June 2010
       • Approval of KMIP V1.0 docs as OASIS standard Sept 2010
     • 2 public interops completed
     • KMIP V1.0 conformance defined in terms of server profiles, such as Symmetric Key Foundry

  9. KMIP Profiles
     • Purpose is to define what any implementation of the specification must adhere to in order to claim conformance to the specification
     • Define the use of KMIP objects, attributes, operations, message elements and authentication methods within specific contexts of KMIP server and client interaction.
     • Define a set of normative constraints for employing KMIP within a particular environment or context of use.
     • Optionally, require the use of specific KMIP functionality or in other respects define the processing rules to be followed by profile actors.
     • Three profiles defined in V1.0
       • Secret data
       • Symmetric key store
       • Symmetric key foundry
     • Profiles are further qualified by authentication suite
       • TLS V1.0 / V1.1
       • TLS V1.2

  10. KMIP Work Items for vNext
     • Next version of KMIP standard expected Q4 2011
     • Additions to protocol under discussion
       • permissions and groups
       • client registration
       • expanded server-to-server use cases
       • Authentication methods
     • Additions to profiles include expanded certificate services and asymmetric key functionality.
     • Enhanced interoperability testing

  11. KMIP V1.0 Documents
     • http://xml.coverpages.org/KMIP/KMIP-FAQ.pdf
     • http://docs.oasis-open.org/kmip/spec/v1.0/
     • http://docs.oasis-open.org/kmip/ug/v1.0/
     • http://docs.oasis-open.org/kmip/profiles/v1.0/
     • http://docs.oasis-open.org/kmip/usecases/v1.0/

  12. KMIP: Interoperability for the Cryptographic Ecosystem. [Diagram: the same Enterprise Cryptographic Environments as on slide 3, connected through the Key Management Interoperability Protocol to a single Enterprise Key Management System.]
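
The KMIP Encode and KMIP Decode stages in slide 7 operate on TTLV (tag, type, length, value) items as defined in the KMIP V1.0 specification; the sketch below is an added example, not part of the presentation. It covers only a subset of item types, the function names are illustrative, and the sample message is constructed.

```python
import struct

# Subset of KMIP 1.0 item types and tags (values from the specification).
STRUCTURE, INTEGER, ENUMERATION, TEXT_STRING = 0x01, 0x02, 0x05, 0x07
PROTOCOL_VERSION, VERSION_MAJOR, VERSION_MINOR = 0x420069, 0x42006A, 0x42006B


def encode(tag, item_type, value):
    """Client side: 3-byte tag, 1-byte type, 4-byte length, value padded to 8."""
    if item_type == STRUCTURE:
        body = b"".join(encode(*child) for child in value)
    elif item_type == INTEGER:
        body = struct.pack(">i", value)
    elif item_type == ENUMERATION:
        body = struct.pack(">I", value)
    elif item_type == TEXT_STRING:
        body = value.encode("utf-8")
    else:
        raise ValueError(f"unsupported item type {item_type:#x}")
    header = tag.to_bytes(3, "big") + bytes([item_type]) + struct.pack(">I", len(body))
    return header + body + b"\x00" * (-len(body) % 8)


def decode(buf, offset=0):
    """Server side: parse one item, rejecting lengths that overrun the buffer."""
    if len(buf) - offset < 8:
        raise ValueError("truncated TTLV header")
    tag = int.from_bytes(buf[offset:offset + 3], "big")
    item_type = buf[offset + 3]
    (length,) = struct.unpack_from(">I", buf, offset + 4)
    start, end = offset + 8, offset + 8 + length
    nxt = end + (-length % 8)  # skip padding to the next 8-byte boundary
    if nxt > len(buf):
        raise ValueError("declared length exceeds received bytes")
    if item_type == STRUCTURE:
        value, pos = [], start
        while pos < end:  # children must fit inside the parent's length
            child, pos = decode(buf[:end], pos)
            value.append(child)
    elif item_type in (INTEGER, ENUMERATION):
        if length != 4:
            raise ValueError("integer and enumeration values are 4 bytes")
        (value,) = struct.unpack(">i" if item_type == INTEGER else ">I", buf[start:end])
    elif item_type == TEXT_STRING:
        value = buf[start:end].decode("utf-8")
    else:
        raise ValueError(f"unsupported item type {item_type:#x}")
    return (tag, item_type, value), nxt


def protocol_version(major, minor):
    """Constructed sample: the Protocol Version structure of a message header."""
    return encode(PROTOCOL_VERSION, STRUCTURE, [
        (VERSION_MAJOR, INTEGER, major), (VERSION_MINOR, INTEGER, minor)])
```

The decoder bounds every child item by its parent's declared length, so a message whose length field claims more bytes than were received is rejected rather than read past.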
