RE: some quick questions regarding XKMS from Ed Simon on 2005-06-22 (www-xkms@w3.org from June 2005)

From: Ed Simon <edsimon@xmlsec.com>
Date: Wed, 22 Jun 2005 11:41:15 -0400
To: <jose.kahan@w3.org>, <www-xkms@w3.org>
Message-Id: <200506221541.j5MFfFuF023377@mail2.magma.ca>
First, fix "XMLS 2.0" to "XKMS 2.0".

In addition to federated identity (as Rich has suggested), I would also
emphasize its value for Web Services in general.  In plain language for the
reporter I would say, 

"XKMS is a major re-invention of Public Key Infrastructure (PKI) -- the
technology for managing users (both human and machine) and their respective
cryptographic keys.  Though PKI is a profoundly important technology for
modern security systems, prior to XKMS, it has also proved to be too
technically demanding for widespread use.  XKMS is PKI redesigned for
today's security applications.  XKMS makes it practical to implement the key
management necessary for federated identity (being able to use a an identity
seamlessly across applications and systems) and for securing Web Services
(which allows applications running on different platforms and different
domains to work together)."

How does that sound?

Regards, Ed

========================================
Ed Simon
(613) 726-9645
edsimon@xmlsec.com 
Interested in XML, Web Services, or Security?  Visit "www.xmlsec.com".
Now available!  "Web Services Security" published by Osborne (ISBN#
0072224711)


-----Original Message-----
From: www-xkms-request@w3.org [mailto:www-xkms-request@w3.org] On Behalf Of
Jose Kahan
Sent: June 22, 2005 9:16 AM
To: www-xkms@w3.org
Subject: some quick questions regarding XKMS

Hi folks,

In preparation for the XKMS press release, could you help check for accuracy
and complete my answers to the following questions?

Many thanks!

-jose

> To what extent does XMLS 2.0 fulfill the charter requirements, stated
> here: http://www.w3.org/2001/XKMS/2001/01/xkms-charter.html#_Mission

I think that we fulfill all of those requirements.

> What makes XKMS 2.0 different from 1.0? Are there any new features?

I think that XKMS 1.0 was the original XKMS submission. I can try to go thru
the submission and make a list of changes. If you have a quick  answer at
hand, it would be gladly accepted.

 Are there any practical application examples of XMLS 2.0 that I can cite
> in plain language for the reporter?

The only one I've in mind is motivate the creation of local PKI networks.

Traditionally, the common PKI operations (public key certificate management,
localization, parsing, and validation operations) are difficult to integrate
into existing applications because they add overhead and must be hard-coded
for a given PKI. An XKMS contribution to PKI deployment is to delegate those
operations to a server by means of low overhead protocols, while being open
enough to be able to be used with any public certificate certificate format.
To make an application PKI aware in XKMS, one needs only to implement the
XKMS protocols that are interesting to that application. All decisions as to
the type of public key certificate format, revocation, and so on can be
handled directly at the server and transparently to the applications
themselves. This will help not only third parties provide PKI operations in
an interoperable way, but will also allow companies to install their own
XKMS servers for applications pertaining to local intranets.
Received on Wednesday, 22 June 2005 15:41:26 UTC