Welcome!

IBM Cloud Authors: Carmen Gonzalez, Elizabeth White, Sematext Blog, Eric Robertson, Liz McMillan

News Feed Item

Key Management Interoperability Protocol (KMIP) 1.1 and KMIP Profiles 1.1 Become OASIS Standards

The OASIS international open standards consortium announced the approval of version 1.1 of the Key Management Interoperability Protocol (KMIP) Specification and KMIP Profiles. KMIP enables interoperable communication between cryptographic environments and key managers, reducing the operational, training, and infrastructure costs for key management in the enterprise. KMIP 1.1 and the related KMIP Profiles 1.1 are now official OASIS Standards, a status that signifies the highest level of ratification.

“The beauty of KMIP is that it delivers a single protocol that any cryptographic environment—tape drives, application encryption software development kits, database encryption applications—can use to talk to any key manager,” explained Robert Griffin of RSA, the security division of EMC, co-chair of the OASIS KMIP Technical Committee. “That means developers need to learn just one set of tools, and changes in key management strategy can be put in place without having to retrofit applications. The savings are tremendous.”

In addition to the main specification, KMIP Profiles define functionality sets that address specific scenarios (such as vaulting keys created within a storage environment). KMIP Profiles also define the authentication that must be used to ensure message confidentiality and integrity.

“It’s exciting to see how far we’ve come since we began work on KMIP in 2009,” said Subhash Sankuratripati of NetApp, who also co-chairs the OASIS KMIP Technical Committee. The group now includes representatives of more than 32 vendors and end user organizations from around the world. “KMIP is widely regarded as the key management interoperability solution, and version 1.1 has already been implemented in an array of products.”

Many of those products will be on display at the RSA Conference 2013 in San Francisco, 25-27 February 2013. Cryptsoft, Hewlett-Packard, IBM, QuintessenceLabs, Thales e-Security, Townsend Security, and Vormetric will demonstrate the full key management life-cycle including creating, registering, locating, retrieving, deleting, and transferring symmetric and asymmetric keys and certificates between the vendors’ systems. The demonstration builds on the substantial interoperability testing that was conducted throughout the development of KMIP 1.1.

KMIP 1.1 is offered for implementation on a royalty-free basis. Companies, non-profit groups, governments, academic institutions, and individuals are welcome to participate in the OASIS KMIP Technical Committee, which is currently working on version 1.2 of the specification. As with all OASIS projects, archives of the KMIP Technical Committee’s work are accessible to both members and non-members, and OASIS hosts an open mail list for public comment.

Support for KMIP 1.1

Cryptsoft
“As a co-editor and key contributor to KMIP 1.1, Cryptsoft is committed to providing our OEM partners and customers with innovative, standards-based technologies and as such are pleased to support v1.1 of the OASIS KMIP specification. Building on the solid foundation of KMIP v1.0, version 1.1 of the specification further addresses the full spectrum of enterprise key management requirements across physical, virtual and cloud-based deployments.”
-- Tim Hudson, Chief Security Architect, Cryptsoft

HP
“As the foundation of data protection and governance, strong cryptography and key management controls are critical elements in any enterprise encryption strategy. With the approval of KMIP 1.1, organizations can more effectively apply encryption to protect sensitive data while reducing the costs associated with managing keys across the enterprise. HP recognizes the significance of this milestone and looks forward to continued partnership with OASIS in promoting industry consensus for global security and compliance.”
-- Frank Mong, VP & General Manager of Solutions, HP Enterprise Security

IBM
“Our clients are demanding open, interoperable solutions for securing their cloud environments. Through our collaboration with the other members of the KMIP Technical Committee, and by offering support for this important revision of the KMIP standard in our currently shipping offerings, IBM is working hard to deliver on our clients requirements.”
--Todd Moore, IBM Director for Interoperability and Partnerships, IBM

Thales e-Security
“This announcement is a great step forward on the road to making enterprise key management a reality. KMIP 1.1 allows organizations to develop a key management strategy that is independent of the numerous uses of encryption across their enterprise. As an originator of the KMIP standard, Thales is pleased to actively contribute to the OASIS Technical Committee and promote the KMIP standard worldwide.”
-- Bob Lockhart, Chief Solutions Architect Key Management, Thales e-Security

Vormetric
“KMIP is widely recognized as the leading industry standard protocol for key management between an encryption client and a key management server. This standard is seeing rapid industry adoption, and we are delighted to be demonstrating our support for OASIS KMIP at RSA Conference.”
-- Ashvin Kamaraju, VP of Product Development, Vormetric

Additional information:

OASIS KMIP Technical Committee:
http://www.oasis-open.org/committees/kmip/

KMIP 1.1 OASIS Standard:
https://www.oasis-open.org/standards#kmipspecv1.1

About OASIS:
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for security, Cloud computing, business transactions, Web services, Smart Grid, content management, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries: http://www.oasis-open.org.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, will share examples from a wide range of industries – includin...
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
According to Forrester Research, every business will become either a digital predator or digital prey by 2020. To avoid demise, organizations must rapidly create new sources of value in their end-to-end customer experiences. True digital predators also must break down information and process silos and extend digital transformation initiatives to empower employees with the digital resources needed to win, serve, and retain customers.
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
"Once customers get a year into their IoT deployments, they start to realize that they may have been shortsighted in the ways they built out their deployment and the key thing I see a lot of people looking at is - how can I take equipment data, pull it back in an IoT solution and show it in a dashboard," stated Dave McCarthy, Director of Products at Bsquare Corporation, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Onalytica. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effici...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Successful digital transformation requires new organizational competencies and capabilities. Research tells us that the biggest impediment to successful transformation is human; consequently, the biggest enabler is a properly skilled and empowered workforce. In the digital age, new individual and collective competencies are required. In his session at 19th Cloud Expo, Bob Newhouse, CEO and founder of Agilitiv, drew together recent research and lessons learned from emerging and established compa...
"IoT is going to be a huge industry with a lot of value for end users, for industries, for consumers, for manufacturers. How can we use cloud to effectively manage IoT applications," stated Ian Khan, Innovation & Marketing Manager at Solgeniakhela, in this SYS-CON.tv interview at @ThingsExpo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...