Chapter 8: XML Key Management Specification (XKMS)

In previous chapters, we have seen how cryptography may be used to protect the integrity and confidentiality of XML documents using XML Signature and XML Encryption, provided that the sender and recipient know the public key of the other party. This need is addressed by the XML Key Management Specification (XKMS), a Web Service that supports management of public keys.

XKMS 1.0 was submitted to the World Wide Web Consortium as a technical note in March 2001 and a working group formed to develop a standard. Although a number of vendors released products and prototypes based on the 1.0 specification, a number of minor variations were made during interoperability testing—leading to an unofficial XKMS 1.1 specification. Because no commercial products currently in use are based on the 1.0 specification, this chapter is based on the XKMS 2.0 specification currently being finalized by the working group.

Public Key Infrastructure

Public key technology is an exceptionally flexible and adaptable technology. Knowing the public key of the other party enables the confidentiality and integrity of any message or document to be protected. If the number of parties is small, this task is comparatively easy: the users can simply get together in a room and read out their public keys. However, once the number of users is too large for everyone to meet in the same room at the same time, the problem of distributing public keys becomes much harder.

Public Key Infrastructure (PKI) addresses this problem. In his original paper proposing the idea of public key cryptography, Whitfield Diffie proposed that public keys might be listed in a directory in much the same way that telephone numbers are. In order to send a message to Bob, Alice would look up his public key in the directory. This model has the advantage of simplicity, but at the time that it was proposed the Internet was neither ubiquitous nor reliable. This problem led Lauren Kohnfelder to propose that the individual entries should be signed by the maintainer to create a certificate . The certificate could then be distributed independently of the directory.

Over the years many PKIs have been proposed that have enjoyed varying degrees of success, most of which have been based on some form of digital certificate. A list of commonly cited PKIs is given in Table 8-1. Although the concepts behind PKI are relatively simple, applying these ideas to solve real-world problems has proven to be far from simple. Providing even a summary of the full features of X.509 alone would take an entire chapter, and a description comprehensive enough to serve as a guide for a programmer would take an entire book.

Table 8-1: Commonly Cited Public Key Infrastructures
PKI Name	Comments
X.509	X.509 began as a certificate format for use with protocols in the Open Systems Interconnect (OSI) family. Despite the limited success of OSI protocols, X.509 certificates are the basis of the most widely used PKIs.
PKIX	Public Key Infrastructure X.509 (PKIX) began as a profile of the X.509 specification describing the use of X.509 certificates with IETF protocols such as SSL, S/MIME, and IPSEC. Since then, the PKIX group has defined extensions to the X.509 to the extent that PKI is often referenced as a PKI model in its own right.
PGP	Pretty Good Privacy (PGP) was designed by Phil Zimmerman in a reaction to what he saw as the unnecessarily complex and authoritarian procedures required to manage an X.509 certification authority. In the PGP model, any key holder may issue a certificate (in the PGP model, it is called a key signing). Over time the key signings created by a community of PGP users form a “web of trust.”
SPKI	Simple Public Key Infrastructure has many similarities to PGP—any user may be a certificate issuer. Unlike PGP, however, the names used in SPKI are relative so that if Alice issues a certificate for ‘Alice’s Bob’ that might or might not refer to a completely different person to ‘Carol’s Bob’. Because of this, SPKI has been called the first postmodern PKI. Although SPKI has been designated an “experimental” (that is, non-standards track) protocol by the IETF, the ideas behind SPKI have influenced other important work, in particular the design of aspects of the Microsoft .NET security framework.
DNSSEC	DNS Security is a special-purpose PKI designed to secure the Internet Domain Name System (DNS), which translates DNS names (for example, abc.com) into Internet addresses (for example, 10.23.0.4). Future extensions may permit DNSSEC to be used to secure applications, provided that DNSSEC itself has been successfully deployed.

PKI in Five Easy Points

Fortunately, it is possible to describe XKMS without explaining how any of these PKIs work. In fact, the whole objective of XKMS is to allow a programmer to use a PKI despite knowing only a little of what the PKI does and nothing of how the PKI does it. For the purposes of understanding this chapter it suffices to know the following five points:

A PKI manages credentials.
A credential states the name of the holder of the private key corresponding to a public key.
A name may be the name of a person or company or a network name such as an e-mail address.
Before issuing a credential the credential issuer should authenticate the request to ensure that the party requesting the credential is both
1. the legitimate user of the specified name, and
2. the actual holder of the private key associated with the specified public key
Once issued, credentials may in certain circumstances be revoked , for example if
1. the private key is compromised in some way (lost, accidentally disclosed)
2. information in the credential is found to be invalid
3. the key holder has broken the issuer’s terms of use