Using the XML Key Management Specification (and Breaking X.509 Rules as You Go)

  • Stephen Farrell
  • José Kahan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3677)


Implementing X.509-based public-key infrastructure requires following a complex set of rules to establish whether a public key certificate is valid. The XML Key Management Specification has been developed as one way in which the implementation burden can be reduced, by moving some of this complexity from clients onto a server. In this paper we give a brief overview of the XML Key Management Specification standard, and describe how, in addition to the above, this system also provides us with the means to sensibly break many of the rules specified for X.509-based public key infrastructure.


Keywords: Application Server; Covert Channel; Registration Service; Validate Request; Policy Check
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Stephen Farrell (1)
  • José Kahan (2)
  1. Distributed Systems Group, Department of Computer Science, Trinity College, Dublin 2, Ireland
  2. W3C / ERCIM, INRIA Rhône-Alpes, ZIRST, ST ISMIER, France
