[February 12, 2013] |
|
Key Management Interoperability Protocol (KMIP) 1.1 and KMIP Profiles 1.1 Become OASIS Standards
BOSTON --(Business Wire)--
The OASIS international open standards consortium announced the approval
of version 1.1 of the Key Management Interoperability Protocol (KMIP)
Specification and KMIP Profiles. KMIP enables interoperable
communication between cryptographic environments and key managers,
reducing the operational, training, and infrastructure costs for key
management in the enterprise. KMIP 1.1 and the related KMIP Profiles 1.1
are now official OASIS Standards, a status that signifies the highest
level of ratification.
"The beauty of KMIP is that it delivers a single protocol that any
cryptographic environment-tape drives, application encryption software
development kits, database encryption applications-can use to talk to
any key manager," explained Robert Griffin of RSA, the security division
of EMC (News - Alert), co-chair of the OASIS KMIP Technical Committee. "That means
developers need to learn just one set of tools, and changes in key
management strategy can be put in place without having to retrofit
applications. The savings are tremendous."
In addition to the main specification, KMIP Profiles define
functionality sets that address specific scenarios (such as vaulting
keys created within a storage environment). KMIP Profiles also define
the authentication that must be used to ensure message confidentiality
and integrity.
"It's exciting to see how far we've come since we began work on KMIP in
2009," said Subhash Sankuratripati of NetApp, who also co-chairs the
OASIS KMIP Technical Committee. The group now includes representatives
of more than 32 vendors and end user organizations from around the
world. "KMIP is widely regarded as the key management interoperability
solution, and version 1.1 has already been implemented in an array of
products."
Many of those products will be on display at the RSA Conference 2013 in
San Francisco, 25-27 February 2013. Cryptsoft, Hewlett-Packard, IBM,
QuintessenceLabs, Thales (News - Alert) e-Security, Townsend Security, and Vormetric
will demonstrate the full key management life-cycle including creating,
registering, locating, retrieving, deleting, and transferring symmetric
and asymmetric keys and certificates between the vendors' systems. The
demonstration builds on the substantial interoperability testing that
was conducted throughout the development of KMIP 1.1.
KMIP 1.1 is offered for implementation on a royalty-free basis.
Companies, non-profit groups, governments, academic institutions, and
individuals are welcome to participate in the OASIS KIP Technical
Committee, which is currently working on version 1.2 of the
specification. As with all OASIS projects, archives of the KMIP
Technical Committee's work are accessible to both members and
non-members, and OASIS hosts an open mail list for public comment.
Support for KMIP 1.1
Cryptsoft "As a co-editor and key contributor to KMIP 1.1,
Cryptsoft is committed to providing our OEM partners and customers with
innovative, standards-based technologies and as such are pleased to
support v1.1 of the OASIS KMIP specification. Building on the solid
foundation of KMIP v1.0, version 1.1 of the specification further
addresses the full spectrum of enterprise key management requirements
across physical, virtual and cloud-based deployments." -- Tim
Hudson, Chief Security Architect, Cryptsoft
HP "As the foundation of data protection and governance,
strong cryptography and key management controls are critical elements in
any enterprise encryption strategy. With the approval of KMIP 1.1,
organizations can more effectively apply encryption to protect sensitive
data while reducing the costs associated with managing keys across the
enterprise. HP recognizes the significance of this milestone and looks
forward to continued partnership with OASIS in promoting industry
consensus for global security and compliance." -- Frank
Mong, VP & General Manager of Solutions, HP Enterprise Security
IBM (News - Alert) "Our clients are demanding open, interoperable solutions
for securing their cloud environments. Through our collaboration with
the other members of the KMIP Technical Committee, and by offering
support for this important revision of the KMIP standard in our
currently shipping offerings, IBM is working hard to deliver on our
clients requirements." --Todd Moore, IBM Director for
Interoperability and Partnerships, IBM
Thales e-Security "This announcement is a great step forward
on the road to making enterprise key management a reality. KMIP 1.1
allows organizations to develop a key management strategy that is
independent of the numerous uses of encryption across their enterprise.
As an originator of the KMIP standard, Thales is pleased to actively
contribute to the OASIS Technical Committee and promote the KMIP
standard worldwide." -- Bob Lockhart, Chief Solutions Architect
Key Management, Thales e-Security
Vormetric "KMIP is widely recognized as the leading industry
standard protocol for key management between an encryption client and a
key management server. This standard is seeing rapid industry adoption,
and we are delighted to be demonstrating our support for OASIS KMIP at
RSA (News - Alert) Conference." -- Ashvin Kamaraju, VP of Product Development,
Vormetric
Additional information:
OASIS KMIP Technical Committee: http://www.oasis-open.org/committees/kmip/
KMIP 1.1 OASIS Standard: https://www.oasis-open.org/standards#kmipspecv1.1
About
OASIS: OASIS (Organization for the Advancement of
Structured Information Standards) is a not-for-profit, international
consortium that drives the development, convergence and adoption of open
standards for the global information society. OASIS promotes industry
consensus and produces worldwide standards for security, Cloud
computing, business transactions, Web services, Smart Grid, content
management, and other applications. OASIS open standards offer the
potential to lower cost, stimulate innovation, grow global markets, and
protect the right of free choice of technology. OASIS members broadly
represent the marketplace of public and private sector technology
leaders, users and influencers. The consortium has more than 5,000
participants representing over 600 organizations and individual members
in 100 countries: http://www.oasis-open.org.
[ Back To TMCnet.com's Homepage ]
|