OASIS Announces Committee to Standardize Symmetric Encryption Key Management Across the Enterprise

Members of the OASIS international consortium have formed a committee to develop an open standard for managing symmetric encryption cryptographic keys across the enterprise. The OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee is working to standardize a royalty free Web services protocol that will enable client applications to request symmetric key-management services of a network-based server. The Committee is also working towards creating implementation, operations and audit guidelines for EKMI and an interoperability test suite to ensure compliant implementations of the protocol.

"The life cycle of encryption keys is incredibly important. As enterprises deploy ever-increasing numbers of encryption solutions, they often find themselves managing silos with inconsistent policies, availability, and strength of protection. Enterprises need to maintain keys in a consistent way across various applications and business units," said Trent Henry, senior analyst, Burton Group. "EKMI will be an important step in addressing this problem in an open, cross-vendor manner."

The EKMI Technical Committee is part of the OASIS IDtrust Member Section, a group of that brings together companies, public sector agencies, and research institutions from around the world to promote greater understanding and use of standards-based technologies, policies, and practices for identity and trusted infrastructure.

"We believe that key management must become as generic a service as the Domain Name Service (DNS), applicable and accessible to anything that needs its services," noted Arshad Noor, chair of the OASIS EKMI Technical Committee. "Given the effort that companies must expend in encrypting sensitive data and managing encryption keys, it behooves them to do it right, and to do it just once. Encrypting anywhere other than at the application layer will require data custodians to revisit the problem again."

"The basic technologies for asymmetric key e-signatures have been around for years, but so have questions about how to best use and manage them," noted James Bryce Clark, director of standards development for OASIS. "The goal of the EKMI effort is to provide a clear set of answers."

Representatives of Red Hat, the United States Department of Defense, Visa, and others make up the OASIS EKMI Technical Committee. Participation remains open to all companies, non-profit groups, governments, academic institutions, and individuals.

The OASIS EKMI Technical Committee operates under the Royalty Free on Limited Terms mode, as defined by the OASIS Intellectual Property Rights Policy. As with all OASIS projects, archives of the Committee's work are accessible to both members and non-members, and OASIS offers a mechanism for public comment.

Additional information:
OASIS EKMI Technical Committee:
http://www.oasis-open.org/committees/ekmi/

EKMI FAQ:
http://www.oasis-open.org/committees/ekmi/faq.php

See the full press release.