The XML Key Management Specification

The XML Key Management Specification (XKMS) is a document that is defining the protocols used for distributing and registering public keys that can be used with the XML Signature standards developed by the World Wide Web Consortium and the Internet Engineering Task Force (IETF), being an anticipated standard that would be used together with the XML encryption standard.

Basically, the XKMS standard is formed by two parts: XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification  (X-KRSS).

X-KISS is a specification used for defining a so-called “Trust service” which is used for resolving, by using the information from  XML-SIGelements, the public-key information. It allows the client of such a service to use a process <ds:KeyInfo> and its elements to resolve the public keys information. Its main objective is to minimize the complexity of implementation of programs based on XKMS by making these programs act as clients, without knowing the internal implementation of the XKMS code and in such a way be shielded from the complex syntax that comes with encryption.

X-KRSS is defining a protocol for a web-service that is registering the public encryption keys information. After the registration, the keys are prepared to be used together with X-KISS in conjunction with other web-sites.

Both protocols are created as structures in the XML Schema Language by using protocols that employ the Simple Object Access Protocol (SOAP) 1.1 and definition of relationships defined by the Web Services Definition Language v1.0 (WSDL), but they are also implementable in a great variety of languages.

As the usage of encryption on the Internet is rising, becoming more and more frequent with the rise of need of secure banking operations and the more frequent usage of the Web as a great marketplace, users need to be sure in the security of their operations.