OASIS Enterprise Key Management Infrastructure (EKMI) TC
Standardizing the management of symmetric encryption cryptographic keys across the enterprise
Completed: The Technical Committee is no longer active. Archives of its work remain publicly accessible and are linked from this page. OASIS appreciates the efforts of all those who participated in this TC.
Table of Contents
- Announcements
- Overview
- Subcommittees
- Technical Work Produced by the Committee
- Expository Work Produced by the Committee
- External Resources
- Mailing Lists and Comments
- Additional Information
January 2011
OASIS SKSML v1.0 undergoes a revision and is approved as a Committee Specification. The specification is located at SKSML v1.0 Specification.
February 4, 2009 - OASIS MSKSML sub-committee created. The EKMI TC creates a Mobile SKSML sub-committee to define a mobile profile of SKSML for low-power, low-bandwidth devices (such as mobile phones). MSKSML SC Home Page
January 17, 2009 - SKSML approved as Committee Specification
The EKMI Technical Committee voted to approve the Symmetric Key Services Markup Language as a Committee Specification.
Specification Document
November 18, 2008 - DRAFT8 of SKSML available
The Symmetric Key Services Markup Language adds support for optionally sending an encryption certificate in the request to the server. DRAFT8 Specification and XSD.
November 5, 2008 - DRAFT7 of SKSML available
The Symmetric Key Services Markup Language has added support for asynchronous request/responses, as well as standard Error Codes in this current draft. DRAFT7 Specification and XSD.
September 23, 2008 - OASIS concludes public review of SKSML
OASIS' Enterprise Key Management Infrastructure Technical Committee concluded the 60-day formal review of the Symmetric Key Services Markup Language today.
July 23, 2008 - OASIS begins public review of SKSML
OASIS' Enterprise Key Management Infrastructure Technical Committee begins the formal review of the Symmetric Key Services Markup Language today. Details.
June 30, 2008 - Tech Road Map: EKMI
OASIS' open Enterprise Key Management Infrastructure initiative promises less-complex encryption. But will vendors get on board? InformationWeek.
June 24, 2008 - DRAFT 6 of the SKSML 1.0 Specification is available for review. It incorporates feedback received from TC members. The OpenOffice and PDF documents can be found in the document archives.
June 19, 2008 - An update to the SKSML 1.0 Specification (DRAFT 5.1) is available for review. The OpenOffice and PDF documents can be found in the document archives.
June 09, 2008 - A full DRAFT of the SKSML 1.0 Specification (DRAFT 4) is now available for review. The OpenOffice and PDF documents can be found in the document archives.
February 22, 2008 - DRAFT v3 of the SKSML protocol has been approved as a Committee DRAFT by the Enterprise Key Management Infrastructure (EKMI) Technical Committee.
February 05, 2008 - A new DRAFT specification for SKSML (Version 3) is now available for review. Version 3 incorporates the ability to request and receive multiple symmetric keys from an SKS server. The ZIP file containing the XSD and sample instances of the protocol can be found in the document archives.
December 27, 2007 - A new DRAFT specification for SKSML (Version 2) is now available for review. Version 2 incorporates feedback received on the Version 1 protocol specification from many TC members. The ZIP file containing the XSD and sample instances of the protocol can be found in the document archives.
December 15, 2007 - The EKMI TC approves submission of information on SKSML to the IEEE 1619.3 Working Group. The IEEE WG is working on a protocol to manage encryption keys for storage devices and has concurred that it will integrate with SKSML. Details of the ballot are here, while the IEEE document submission can be found here.
November 01, 2007 - The Singapore chapter of ISACA announces an EKMI Workshop. Details and registration information are available at http://www.isaca.org.sg/isaca/eventdetails.cfm?idno=131.
October 19, 2007 - The San Francisco chapter of ISACA announces the availability of an EKMI Workshop on November 15, 2007. Details and registration information are available at http://www.sfisaca.org/.
October 3, 2007 - The Singapore chapter of ISACA announces the first ever EKMI Workshop. Details and registration information are available at http://www.isaca.org.sg/.
September 21, 2007 - "It might appear that the technology industry just discovered encryption-key management in 2007." So said Greg Goth of the IEEE Distributed Systems Online. Read the full story at Key Management Standards Hit the Fast Track.
June 25, 2007 - "EKMI will be an important step in addressing this problem in an open, cross-vendor manner". So said Trent Henry, a senior analyst at The Burton Group on the efforts of the EKMI TC. Read the full EKMI TC Press Release.
June 21, 2007 - Ken Adler and Mike Nelson are elected Co-Chairs of the EKMI SKMS Audit Guidelines SubCommittee (AGSC). The AGSC has responsibilities for creating guidelines that permit IT Auditors to audit EKMIs effectively, and for educating IT Auditors on EKMI and the Audit Guidelines.
June 18, 2007 - Webinar on Enterprise Key Management Infrastructure (EKMI) scheduled for July 10, 2007. Click here for details and registration.
June 18, 2007 - The SKSML protocol has been approved as a Committee DRAFT by the Enterprise Key Management Infrastructure (EKMI) Technical Committee.
June 18, 2007 - The SKSML Requirements Document has been approved as a Committee DRAFT by the Enterprise Key Management Infrastructure (EKMI) Technical Committee.
June 12, 2007 - An FAQ on the Enterprise Key Management Infrastructure (EKMI) Technical Committee is now available.
May 29, 2007 - Arshad Noor, Chair of the EKMI-TC, will be speaking on "Enterprise Key Management Infrastructures" at the ISSE/SECURE 2007 Conference in Warsaw, Poland in September 2007.
March 28, 2007 - Arshad Noor, Chair of the EKMI-TC, will be speaking on "Enterprise Key Management Infrastructures: Understanding them before auditing them" at the ISACA International 2007 Conference in Singapore in July 2007.
January 16, 2007 - Arshad Noor, Co-Chair of the EKMI-TC, will be speaking on "Enterprise Key Management Infrastructures: An Evolution Towards Securing Data for eBusiness/eGovernment" at the OASIS Symposium 2007 in San Diego.
January 16, 2007 - The OASIS Enterprise Key Management Infrastructure Technical Committee (EKMI-TC) convened on January 16, 2007. The newly formed committee unanimously elected Arshad Noor (StrongAuth, Inc.) and Dr. Hans Van Tilburg (Visa International) as Co-Chairs of the EKMI-TC. Additionally, it voted to become part of the OASIS PKI Member Section and created the following four subcommittees:
- EKMI Symmetric Key Services Markup Language (SKSML) Subcommittee
- EKMI SKMS Implementation and Operations Guidelines Subcommittee
- EKMI SKMS Audit Guidelines Subcommittee
- EKMI SKSML Test Suite Subcommittee
Enterprise Key Management Infrastructure (EKMI) is the term given to "a collection of technology, policies and procedures for managing all cryptographic keys - symmetric and asymmetric - in the enterprise". An EKMI has the following characteristics:
- It allows enterprises to define cryptographic key-management policy in a single place
- It provides secure protocols for obtaining key-management services from servers configured for this purpose
- It is platform and application-independent
- It is scalable to accommodate the needs of an enterprise of any size
- It is redundant to provide cryptographic services even in the face of network failures
- It is extremely secure
An EKMI typically consists of a Public Key Infrastructure (PKI) - to manage the asymmetric keys - and a Symmetric Key Management System (SKMS) - to manage the symmetric keys. Currently, these two systems must remain distinct even though an SKMS relies on digital certificates issued by the PKI for authentication, message integrity and confidentiality. However, once the current goals of the EKMI-TC are realized (see below), the TC anticipates focusing on what is necessary to evolve the PKI and SKMS to a single EKMI in the future.
The purposes of the OASIS EKMI-TC are:
- To standardize a protocol - the Symmetric Key Services Markup Language (SKSML) - for applications and/or computerized devices to acquire symmetric key management services, securely, over a network
- To create Implementation and Operations Guidelines for how to build and operate Symmetric Key Management Systems (SKMS)
- To work with other standards-setting bodies on Audit Guidelines for SKMS; and
- To create an interoperability testing suite for the Symmetric Key Services Markup Language (SKSML) protocol
For more information, see the TC Charter and FAQ.
- EKMI Mobile Symmetric Key Services Markup Language (MSKSML) Subcommittee
- EKMI Symmetric Key Services Markup Language (SKSML) Subcommittee
- EKMI SKMS Implementation and Operations Guidelines Subcommittee
- EKMI SKMS Audit Guidelines Subcommittee
- EKMI SKSML Test Suite Subcommittee
Technical Work Produced by the Committee
Symmetric Key Services Markup Language 1.0 (XSD)
SKSML 1.0 Committee Specification (Normative)
Wiki for OASIS EKMI TC member collaboration
Expository Work Produced by the Committee
SKSML Requirements (PDF)
SKSML Use Cases (PDF)
EKMI Policy Guidelines (PDF)
Although not produced by the OASIS TC, the following information offers useful insights into its work.
IDtrust XML.org is a community-driven site hosted by OASIS that provides reliable background information on the standard. The site also serves as a community bulletin board and directory where readers post news, ideas, opinions, and recommendations. It incorporates wiki functionality to let users edit and add new pages to the site. The public is encouraged to contribute content.
A presentation on EKMI given by Arshad Noor, Co-Chair of the EKMI-TC, at the OASIS Adoption Forum in London, on November 28, 2006 - http://www.oasis-open.org/events/adoptionforum2006/slides/noor.pdf
An open-source implementation of a Symmetric Key Management System that implements the proposed SKSML protocol - www.strongkey.org
ekmi-sksml@lists.oasis-open.org
ekmi-implementation@lists.oasis-open.org
ekmi-audit@lists.oasis-open.org
ekmi-testsuite@lists.oasis-open.org
Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.