OASIS Key Management Interoperability Protocol

Recently, OASIS announced the creation of a new key management standards effort called KMIP (Key Management Interoperability Protocol). See the news stories below:

You can download the draft standard and FAQs from here:

A short summary:

The increased use of encryption for securing information in the enterprise reflects the critical importance of this technology in addressing regulatory requirements, protecting intellectual property and controlling the exposure of sensitive information. The widespread use of encryption, however, is complicated by inconsistencies and duplication in the key management systems supporting each of the encryption environments. Full-disk encryption systems for laptops have their own key management systems, as do encryption systems for array-based storage environments and content management systems. This proliferation of key management systems results in higher operational and infrastructure costs for enterprises using encryption. Even in those cases where a single key management system can support multiple encryption systems, there are typically different communication protocols between the key management system and each of the encryption systems. The proliferation of protocols, even when supported by a single enterprise key manager, results in higher costs for developing and supporting the key manager, costs that ultimately get passed on to the enterprises deploying encryption solutions.

OASIS Members Form Key Management Interoperability Protocol (KMIP) Committee

The webinar slides are available at:

The Committee charter is available via the KMIP technical committee (TC)’s public web page and in linked hypertext format:
Statement of purpose for the new OASIS Group:

The KMIP Technical Committee will develop specification(s) for the interoperability of key management services with key management clients. The specifications will address anticipated customer requirements for key lifecycle management (generation, refresh, distribution, tracking of use, life-cycle policies including states, archive, and destruction), key sharing, and long-term availability of cryptographic objects of all types (public/private keys and certificates, symmetric keys, and other forms of “shared secrets”) and related areas.

Scope of the Group:

The initial goal is to define an interoperable protocol for standard communication between key management servers, and clients and other actors which can utilize these keys. Secure key management for TPMs (Trusted Platform Modules) and Storage Devices will be addressed. The scope of the keys addressed is enterprise-wide, including a wide range of actors: that is, machine, software, or human participants exercising the protocol within the framework. Actors for KMIP may include:

* Storage Devices
* Networking Devices
* Personal devices with embedded storage (e.g. Personal Computers, Handheld Computers, Cell Phones)
* Users
* Applications
* Databases
* Operating Systems
* Input/Output Subsystems
* Management Frameworks
* Key Management Systems
* Agents
