Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Analysis of XKMS Yamini Ghadge Shanky Subramanian.

Published byAdrian McLaughlin Modified over 6 years ago

Similar presentations

Presentation on theme: "An Analysis of XKMS Yamini Ghadge Shanky Subramanian."— Presentation transcript:

1 An Analysis of XKMS Yamini Ghadge Shanky Subramanian

2 Agenda Why XKMS? – Problems with PKI What XKMS? Before XKMS After XKMS
Advantages XKRSS XKISS Conclusion

3 Why XKMS? – Problems with PKI
Burden is on the Client to perfom expensive operations -- ASN.1 encoding /decoding -- Signature verification -- Chain Validation -- Revocation Checking Interfacing application to PKI service -- Proprietary PKI vendor toolkits -- need of complex functions -- incompatibility with different PKI vendors

4 What is XKMS? XML Key Management Specification.
A Trust Service solves the client deployment problem by shielding the client from the complexity of the underling PKI. Not bound to a particular PKI

5 Before XKMS

6 After XKMS

7 Advantages Ease of Management Less complex application
Application is free from ASN.1 0r X.509 processing Very small client footprint. Deployment of new PKI features does not require deployment of new clients.

8 Components of XKMS XML Key Registration Service Specification (XKRSS)
Mechanism for registering a key pair with the service provider Client - generates a key pair and provides the public key, along with other information, to the service provider for registration. XKMS service - generates a key pair for the client, registers the public key of the pair with itself, and sends the private key of the pair to the client for its use. XKMS service keeps the private key as well in case the client loses its private key.

9 Components of XKMS XML Key Registration Service Specification (XKRSS)
XKRSS defines 4 operations Register – public key with some information Reissue – previously generated key binding reissued when new credentials are added to PKI Revoke – allows clients to destroy data objects to which key is bound. Ex. X.509 certificate bound to the XKMS key destroyed when revoke is called. Recover – client recovers the lost private key only if registered with the service provider

10 Components of XKMS XML Key Information Service Specification (XKISS)
Mechanism that allows client applications to authenticate encrypted/signed data. This is done by passing the corresponding key information to service provider. Service provider responds with “ true” or “false” "True" indicates that the public key corresponding to the private key used for signing belongs to the claiming entity.

11 Components of XKMS XML Key Information Service Specification (XKISS)
XKISS defines 2 operations Locate – Finds the key based on element in the key information that is associated with XML encryption or XML signature Validate – It not only finds the key as locate does but also validates the key binding information associated with it.

12 Conclusion XKMS is a web service that provides interface between XML application and PKI It simplifies deployment of enterprise PKI by transferring complex processing tasks from client application to a trust service .

Download ppt "An Analysis of XKMS Yamini Ghadge Shanky Subramanian."

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
XML Key Management Services - Tutorial 9 December 01 Blair Dillaway Software Architect Microsoft Corp.

XML Key Management Services - Tutorial 9 December 01 Blair Dillaway Software Architect Microsoft Corp.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
A Framework for Distributed OCSP without Responders Certificate

A Framework for Distributed OCSP without Responders Certificate
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
1 XML Encryption Notes from encrypt/index.html by Bilal Siddiqui And “Secure XML” by Eastlake and Niles.

1 XML Encryption Notes from encrypt/index.html by Bilal Siddiqui And “Secure XML” by Eastlake and Niles.

Similar presentations

Ads by Google