Re: Proposed work item: WebKMS

On 2019-11-25 20:11, Stephen Curran wrote:
> In Aries, we're using KMS to mean "Key Management Service" to address the concerns raised by Anders, where in addition to managing the keys, operations like sign, encrypt, etc. are performed by the service.

I see.

In SKS/KeyGen2 these operations are not only separated by nomenclature (Key management versus User API), but by different security models since Key management in SKS is performed by an attesting, session-based, transactional, end-2-end-secured API intended for usage with the KeyGen2 on-line protocol, while User API methods such as sign, encrypt, etc. are only permitted by locally trusted SW.

To me WebKMS appears to be more like a Web version of PKCS #11.

Anders

> 
> On Mon, Nov 25, 2019 at 11:05 AM Liam R. E. Quin <liam@fromoldbooks.org> wrote:
> 
>     On Mon, 2019-11-25 at 18:22 +0100, Anders Rundgren wrote:
>      > If I may comment on your proposed work item, I'm not entirely
>      > comfortable with the name because AFAIK the term KMS usually only
>      > refers to management of keys and not to cryptographic operations like
>      > sign, wrap, etc.
> 
>     It can also refer to Knowledge Management Systems - many in the
>     RDF/SemWeb world will have that background, so make sure to introduce
>     the expansion early on.
> 
>     Liam
> 
>     -- 
>     Liam Quin, https://www.delightfulcomputing.com/
>     Available for XML/Document/Information Architecture/XSLT/
>     XSL/XQuery/Web/Text Processing/A11Y training, work & consulting.
>     Barefoot Web-slave, antique illustrations: http://www.fromoldbooks.org
> 
> 
> 
> 
> -- 
> 
> Stephen Curran
> Principal, Cloud Compass Computing, Inc. (C3I)
> Technical Governance Board Member - Sovrin Foundation (sovrin.org)
> 
> Schedule a Meeting: https://calendly.com/swcurran/
> 

Received on Monday, 25 November 2019 21:09:08 UTC