Summary - XKMS does the heavy work of PKI

Brief Summary

  • brief introduction to XKMS
  • advantages over KERBEROS

Document-Structure

Interesting quotes and facts

  • PKI scales well because it does not require an online service such as Kerberos Key Distribution Center. Because Kerberos uses shared-secret cryptography, it's a likely target for hacker attacks. And because it contains so much sensitive information, it is usually not widely replicated, making it a potential single point of failure.
  • XKMS replaces many PKI protocols and data formats, such as Certificate Revocation Lists, Online Certificate Status Protocol, Lightweight Directory Access Protocol, Certificate Management Protocol and Simple Certificate Enrollment Protocol, with one XML-based protocol. XKMS also can be implemented client-to-client, server-to-client, server-to-server, and so forth.
  • The XKMS protocol provides three fundamental operations:
    • locating, which retrieves a cryptographic key so that an entity can communicate securely with another entity
    • validating, which makes sure the key is active and has not been revoked
    • registering, which issues, reissues and revokes keys
  • PKI requires that every user and every application verify the identity of everyone they communicate with, ensure that the counter-party identity is appropriate for the transaction, and ensure that the identity is still valid (has not been revoked).
  • With XKMS, trust decisions are given to a common server so they can be centralized and applied consistently across platforms.
  • XKMS works with the XML Digital Signature and Encryption standards.
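The validating operation above is where the client's trust decision is made: the key must be active and not revoked before it is used. As an added example (not from the summary or the article it quotes), the Python below parses an XKMS 2.0 ValidateResult with the standard library and trusts a key binding only when the service reports Success, the binding status is Valid, and all four trust reasons (issuer, revocation, validity interval, signature) are asserted. Element names and URIs follow the XKMS 2.0 Recommendation; the service address, key name and the sample responses are constructed.

```python
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"
NS = {"xkms": XKMS}
TRUST_REASONS = ("IssuerTrust", "RevocationStatus", "ValidityInterval", "Signature")
# Every reason a Validate service must assert before the client relies on a key binding.
REQUIRED_REASONS = {XKMS + r for r in TRUST_REASONS}


def key_binding_is_trusted(validate_result_xml: str) -> bool:
    """Client-side trust decision on a ValidateResult (assumes the response's
    XML Signature from the XKMS service has already been verified by the caller)."""
    root = ET.fromstring(validate_result_xml)
    if root.tag != f"{{{XKMS}}}ValidateResult":
        return False
    if root.get("ResultMajor") != XKMS + "Success":
        return False
    bindings = root.findall("xkms:KeyBinding", NS)
    if not bindings:                      # no binding returned: nothing to trust
        return False
    for binding in bindings:
        status = binding.find("xkms:Status", NS)
        if status is None or status.get("StatusValue") != XKMS + "Valid":
            return False
        asserted = {r.text.strip() for r in status.findall("xkms:ValidReason", NS) if r.text}
        if not REQUIRED_REASONS <= asserted:  # e.g. revocation status never checked
            return False
    return True


def sample_validate_result(status_value: str, invalid=()) -> str:
    """Constructed ValidateResult for one key binding (sample data, not a real service).
    Reasons listed in `invalid` are emitted as InvalidReason, the rest as ValidReason."""
    reasons = "".join(
        f"<{'InvalidReason' if r in invalid else 'ValidReason'}>{XKMS}{r}"
        f"</{'InvalidReason' if r in invalid else 'ValidReason'}>" for r in TRUST_REASONS)
    return (f'<ValidateResult xmlns="{XKMS}" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
            f'Id="r1" Service="http://xkms.example.invalid/" ResultMajor="{XKMS}Success">'
            f'<KeyBinding Id="kb1"><ds:KeyInfo><ds:KeyName>alice@example.invalid</ds:KeyName>'
            f'</ds:KeyInfo><Status StatusValue="{XKMS}{status_value}">{reasons}</Status>'
            f'</KeyBinding></ValidateResult>')


VALID_RESPONSE = sample_validate_result("Valid")
REVOKED_RESPONSE = sample_validate_result("Invalid", invalid=("RevocationStatus",))
```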