W3C updates XML PKI spec
By Alun Williams
Posted on 29 Jun 2005 at 13:02
The Internet standards body W3C (World Wide Web Consortium) has released a new XML specification as an official W3C Recommendation.
The XML Key Management Specification (XKMS) 2.0 brings PKI (public key infrastructure) technology into the realm of Web services (PKI is the framework within which digital certificates are issued, exchanged and checked).
The idea is that online businesses will be better able to share public key identities across applications, systems and what the W3C calls 'trust boundaries'. XKMS is a non-proprietary, open standard way to provide such services, which means it should be easier for third parties to work together in an automated fashion. Using the protocol, XKMS servers can carry the processing burden and - states the W3C - handle public key issues (locating and validating keys, revoking them, and so on) transparently to the applications themselves.
PKI is most familiar from secure email, where it underpins both encrypting sensitive messages and digitally signing them.
BT, and its Trust Services, is an example of a company working in this field.
Described by the W3C as the 'cornerstone' of providing Web security, XKMS 2.0 is part of the W3C XML Security Framework, which also includes the XML Signature, XML Encryption, and Canonical XML Recommendations.
You can read more about XKMS at www.w3.org/2001/XKMS/.
A status of 'Recommendation' for a specification means that the W3C favours its adoption by the industry. The stage before that, roughly the beta version, is Candidate Recommendation.
Explaining digital signatures in more detail means dipping into the world of encryption and asymmetric cryptography. Public and private 'keys' are a mathematically linked pair: what one key does, only the other can undo. Used together, they support both confidential transmission and digital signature verification.
For confidentiality, the recipient's freely available public key is used to encrypt data for transmission, and the matching private key - known only to the recipient and never shared - is the only thing that can decrypt it.
To add a digital signature, the sender computes a digest (hash) of the message content and transforms it with their private key. The recipient can then verify that digital signature using the sender's public key: the check is recomputed over the received message, and any mismatch means the message was altered or was not signed by the holder of that private key.
The signature value is thus unique to both the contents of the message and the signer's private key, which is what allows the authentication of any signed information by the complementary process of signature verification.