W3C updates XML PKI spec
Posted on 29 Jun 2005 at 13:02
The Internet standards body W3C (World Wide Web Consortium) has released a new XML specification as an official W3C Recommendation.
The XML Key Management Specification (XKMS) 2.0 brings PKI (public key infrastructure) technology into the realm of Web services (PKI is the framework within which digital certificates can be exchanged).
The idea is that online businesses will be better able to share public key identities across applications, systems and what the W3C calls 'trust boundaries'. XKMS is a non-proprietary and open standard way to provide such services, which means it should be easier for third-parties to work together in an automated fashion. Using the protocol, XKMS servers can carry the processing burden and - states the W3C - handle public key issues (confirming, revoking, etc) transparently to the applications themselves.
Most familiarly, PKI is used for digital signatures - for example, encrypting and signing sensitive emails.
BT, and its Trust Services, is an example of a company working in this field.
Described by the W3C as the 'cornerstone' of providing Web security, XKMS 2.0 is part of the W3C XML Security Framework, which also includes the XML Signature, XML Encryption and Canonical XML Recommendations.
You can read more about XKMS at www.w3.org/2001/XKMS/.
A status of 'Recommendation' for a specification means that the W3C favours its adoption by the industry. The earlier, beta-like stage, as it were, is only a Candidate Recommendation.
When it comes to explaining digital signatures in more detail, you have to dip your toes into the world of encryption and asymmetric cryptography... Public and private 'keys' are complementary special codes that, when used together, offer an effective encryption scheme supporting both message authentication and digital signature verification.
To ensure authentication, the recipient's freely available public key is used to encrypt data for transmission, and the matching private key - which is known only to the recipient and is never shared - is used to decrypt it.
To add a digital signature, a code is created with the sender's private key by applying that key to the message content. The recipient can then verify that digital signature using the sender's public key.
This allows any signed information to be authenticated by the complementary process of signature verification. The signature value, moreover, is unique to both the contents of the message and the sender's private key.
Author: Alun Williams
Printed from www.pcpro.co.uk

