XML Key Management Specification (XKMS 2.0)

W3C Editors Copy 2nd April 2002

This version:
http://www.w3c.org/2001/XKMS/Drafts/XKMS-20020419/  
Latest version:
http://www.w3c.org/2001/XKMS/Drafts/XKMS/xkms.html
Previous version:
http://www.w3c.org/2001/XKMS/Drafts/XKMS-20020131/
Editor:
Phillip Hallam-Baker VeriSign
Contributors:
See the WG participants list.

Abstract

This document specifies protocols for distributing and registering public keys, suitable for use in conjunction with the proposed standard for XML Signature [XML-SIG] developed by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) and an anticipated companion standard for XML encryption.  The XML Key Management Specification (XKMS) comprises two parts -- the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS).


Table Of Contents

Executive Summary

This document specifies protocols for distributing and registering public keys, suitable for use in conjunction with the proposed standard for XML Signature [XML-SIG] developed by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) and an anticipated companion standard for XML encryption.  The XML Key Management Specification (XKMS) comprises two parts -- the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS).

Introduction

This document specifies protocols for distributing and registering public keys, suitable for use in conjunction with the proposed standard for XML Signatures [XML-SIG] developed by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) and an anticipated companion standard for XML encryption.  The XML Key Management Specification (XKMS) comprises two parts -- the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS).

Namespaces

For clarity, some examples of XML are not complete documents and namespace declarations may be omitted from XML fragments. In this document, certain namespace prefixes represent certain namespaces as follows.

Prefix  Specification     Schema
        XML Schema        http://www.w3.org/2001/XMLSchema
ds      XML Signature     http://www.w3.org/2000/09/xmldsig#
xenc    XML Encryption    http://www.w3.org/2001/04/xmlenc#
xkms    XKMS              http://www.w3.org/2002/03/xkms#

These namespaces are declared in the XKMS schema as follows:

...

Key Information Service Specification Overview (Non-Normative)

X-KISS allows a client to delegate part or all of the tasks required to process XML Signature <ds:KeyInfo> elements to a Trust service. A key objective of the protocol design is to minimize the complexity of applications using XML Signature. By becoming a client of the trust service, the application is relieved of the complexity and syntax of the underlying PKI used to establish trust relationships, which may be based upon a different specification such as X.509/PKIX, SPKI or PGP.

By design, the XML Signature Specification does not mandate use of a particular trust policy. The signer of a document is not required to include any key information but may include a <ds:KeyInfo> element that specifies the key itself, a key name, X.509 certificate, a PGP Key Identifier etc. Alternatively, a link may be provided to a location where the full <ds:KeyInfo> information may be found.

The information provided by the signer may therefore be insufficient by itself to perform cryptographic verification and decide whether to trust the signing key, or the information may not be in a format the client can use. For example:

In the case of an encryption operation:

Key Registration Service Specification Overview (Non-Normative)

X-KRSS describes a protocol for registration of public key information. A client of a conforming service may request that the Registration Service bind information to a public key. The information bound may include a name, an identifier or extended attributes defined by the implementation.

The key pair to which the information is bound may be generated in advance by the client or, to support key recovery, may be generated on request by the service. The Registration protocol may also be used for subsequent recovery of a private key.

The protocol provides for authentication of the applicant and, in the case that the key pair is generated by the client, Proof of Possession (POP) of the private key. A means of communicating the private key to the client is provided in the case that the private key is generated by the Registration Service.

This document specifies means of registering RSA and DSA keys and a framework for extending the protocol to support other cryptographic algorithms such as Diffie-Hellman and Elliptic Curve variants.
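The Proof of Possession step described above, as an added worked example that is not part of the specification: the client signs the prototype key binding (the name and the public key it wants bound) with the private key, and the Registration Service checks that signature against the public key inside the request before it binds anything. The message layout, the length-prefixed binding encoding and the RSASSA-PKCS1-v1_5/SHA-256 choice are assumptions made for this example; the real X-KRSS message is an XML Register request carrying a ds:Signature, and the 2048-bit minimum is an example policy.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// RegisterRequest is a stand-in (assumed, not the spec's schema) for the
// X-KRSS Register message: the prototype key binding plus the POP signature.
type RegisterRequest struct {
	KeyName   string
	PublicKey []byte // SubjectPublicKeyInfo DER of the key to be bound
	POP       []byte // RSASSA-PKCS1-v1_5 signature over SHA-256(bindingBytes)
}

// bindingBytes serialises what the client asks the service to bind. Both
// fields are length-prefixed so a name cannot be shifted into the key bytes.
func bindingBytes(name string, pub []byte) []byte {
	b := []byte(fmt.Sprintf("%d:%s", len(name), name))
	b = append(b, fmt.Sprintf("%d:", len(pub))...)
	return append(b, pub...)
}

// NewRegisterRequest is the client side: it proves possession of priv by
// signing the binding that contains priv's own public key.
func NewRegisterRequest(name string, priv *rsa.PrivateKey) (*RegisterRequest, error) {
	pubDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(bindingBytes(name, pubDER))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &RegisterRequest{KeyName: name, PublicKey: pubDER, POP: sig}, nil
}

// VerifyProofOfPossession is the service side. The verification key is taken
// from the request itself, so a signature only verifies if the requester held
// the private half of the key it is asking to have bound.
func VerifyProofOfPossession(req *RegisterRequest) error {
	pub, err := x509.ParsePKIXPublicKey(req.PublicKey)
	if err != nil {
		return fmt.Errorf("public key does not parse: %w", err)
	}
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return errors.New("only RSA keys are handled in this example")
	}
	if rsaPub.Size() < 256 { // example policy: refuse moduli under 2048 bits
		return errors.New("RSA modulus too small")
	}
	digest := sha256.Sum256(bindingBytes(req.KeyName, req.PublicKey))
	if err := rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, digest[:], req.POP); err != nil {
		return fmt.Errorf("proof of possession failed: %w", err)
	}
	return nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	req, _ := NewRegisterRequest("alice@example.test", priv) // constructed name
	fmt.Println("genuine request:", VerifyProofOfPossession(req))

	// Swap in someone else's public key: the binding no longer matches the
	// signer, so the service must not bind the name to that key.
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	req.PublicKey, _ = x509.MarshalPKIXPublicKey(&other.PublicKey)
	fmt.Println("substituted key:", VerifyProofOfPossession(req))
}
```

The negative case in main is the one that matters for a registration service: without POP, a requester could have a name bound to a public key whose private half belongs to somebody else.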

Structure of this document

The remainder of this document describes the XML Key Information Service Specification and XML Key Registration Service Specification.

Section 2: X-KISS Protocol Overview.
The functional behavior of the X-KISS protocol is described.
Section 3: X-KISS Message Set.
The semantics of the X-KISS protocol messages are defined.
Section 4: X-KRSS Protocol Overview.
The functional behavior of the X-KRSS protocol is described.
Section 5: X-KRSS Message Set.
The semantics of the X-KRSS protocol messages are defined.
Section 6: Cryptographic Algorithm support
Data formats to support use of the cryptographic algorithms RSA and DSA are defined.

Key Information Service Protocol Overview

In the XML Signature Specification, a signer may optionally include information about his public signing key ("<ds:KeyInfo>") within the signature block. This key information is designed to allow the signer to communicate "hints" to a verifier about which public key to select.

Example: Document Signature

The client receives a signed XML document. The <ds:KeyInfo> element specifies a <ds:RetrievalMethod> for an X.509 certificate that contains the public key. The client sends the <ds:KeyInfo> element to the location service requesting that the <KeyName> and <KeyValue> elements be returned.

Request:

<Locate>
   <Query>
      <ds:KeyInfo>
         <ds:RetrievalMethod
           URI="http://www.PKeyDir.test/Certificates/01293122"
           Type="http://www.w3.org/2000/09/xmldsig#X509Data"/>
      </ds:KeyInfo>
   </Query>
   <Respond>
      <string>KeyName</string>
      <string>KeyValue</string>
   </Respond>
</Locate>
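How a location service would take the request above apart, as an added example that is neither the specification's nor any XKMS implementation's code. It parses the Locate message namespace-aware (the ds: and xkms namespaces come from the namespace table; the sample adds the xmlns declarations the spec's fragment omits), refuses a request whose Respond list asks for anything outside an allow-list seeded with the two strings the example requests, and checks that the RetrievalMethod names an absolute http(s) URI of the one ds Type this example handles. The allow-list contents, the URI policy and the function names are assumptions for this example.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"net/url"
)

// nsDS is the XML Signature namespace from the spec's namespace table.
const nsDS = "http://www.w3.org/2000/09/xmldsig#"

// SampleLocate is a constructed copy of the spec's Locate example with the
// namespace declarations, omitted in the spec for brevity, filled in.
const SampleLocate = `<Locate xmlns="http://www.w3.org/2002/03/xkms#"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <Query>
      <ds:KeyInfo>
         <ds:RetrievalMethod
           URI="http://www.PKeyDir.test/Certificates/01293122"
           Type="http://www.w3.org/2000/09/xmldsig#X509Data"/>
      </ds:KeyInfo>
   </Query>
   <Respond>
      <string>KeyName</string>
      <string>KeyValue</string>
   </Respond>
</Locate>`

// RetrievalMethod mirrors ds:RetrievalMethod: where to fetch and what ds type is there.
type RetrievalMethod struct {
	URI  string `xml:"URI,attr"`
	Type string `xml:"Type,attr"`
}

// KeyInfo keeps only the child this example understands; other ds:KeyInfo
// children are ignored rather than acted on.
type KeyInfo struct {
	RetrievalMethod *RetrievalMethod `xml:"http://www.w3.org/2000/09/xmldsig# RetrievalMethod"`
}

// Locate binds the root to the xkms namespace, so a document in another
// namespace is rejected by xml.Unmarshal instead of being half-parsed.
type Locate struct {
	XMLName xml.Name `xml:"http://www.w3.org/2002/03/xkms# Locate"`
	Query   struct {
		KeyInfo *KeyInfo `xml:"http://www.w3.org/2000/09/xmldsig# KeyInfo"`
	} `xml:"Query"`
	Respond []string `xml:"Respond>string"`
}

// DefaultRespond is the example service's allow-list of Respond strings,
// seeded with the two the spec's example asks for (assumed policy).
var DefaultRespond = map[string]bool{"KeyName": true, "KeyValue": true}

// ParseLocate parses and policy-checks a Locate request; it returns an error
// rather than a partially trusted message on any problem.
func ParseLocate(doc []byte, allowed map[string]bool) (*Locate, error) {
	var l Locate
	if err := xml.Unmarshal(doc, &l); err != nil {
		return nil, fmt.Errorf("malformed Locate: %w", err)
	}
	if l.Query.KeyInfo == nil {
		return nil, errors.New("Query carries no ds:KeyInfo")
	}
	if len(l.Respond) == 0 {
		return nil, errors.New("Respond lists nothing to return")
	}
	for _, s := range l.Respond {
		if !allowed[s] {
			return nil, fmt.Errorf("unsupported Respond string %q", s)
		}
	}
	if rm := l.Query.KeyInfo.RetrievalMethod; rm != nil {
		u, err := url.Parse(rm.URI)
		if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
			return nil, fmt.Errorf("RetrievalMethod URI %q is not an absolute http(s) URI", rm.URI)
		}
		if rm.Type != nsDS+"X509Data" {
			return nil, fmt.Errorf("RetrievalMethod Type %q not handled by this example", rm.Type)
		}
	}
	return &l, nil
}

func main() {
	l, err := ParseLocate([]byte(SampleLocate), DefaultRespond)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	rm := l.Query.KeyInfo.RetrievalMethod
	fmt.Printf("fetch %s as %s, then respond with %v\n", rm.URI, rm.Type, l.Respond)
}
```

Matching on namespace URIs rather than on the ds: prefix is the point of the struct tags: a client is free to bind any prefix, and a service that compared prefixes would accept or reject the wrong elements.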

Schema and Web Service Contract

This appendix describes specific instructions for use of the SOAP binding. Ideally the means of authenticating SOAP messages will be specified in the SOAP specification.

If an XML Signature is used the scope of the signature is the <SOAP-ENV:Envelope> element.

XKMS Schema