Key Management Interoperability Protocol (KMIP) 1.1 and KMIP Profiles 1.1 Become OASIS Standards

  Key Management Interoperability Protocol (KMIP) 1.1 and KMIP Profiles 1.1
  Become OASIS Standards

 Axway, CA Technologies, CertiVox, Cryptsoft, EMC, HP, IBM, Oracle, Red Hat,
SafeNet, Symantec, Thales e-Security, US NIST, Venafi, VMware, Vormetric, and
    Others Collaborate on New Version of Cryptography Standard for Email,
                          Databases, Storage Devices

RSA Conference 2013

Business Wire

BOSTON -- February 12, 2013

The OASIS international open standards consortium announced the approval of
version 1.1 of the Key Management Interoperability Protocol (KMIP)
Specification and KMIP Profiles. KMIP enables interoperable communication
between cryptographic environments and key managers, reducing the operational,
training, and infrastructure costs for key management in the enterprise. KMIP
1.1 and the related KMIP Profiles 1.1 are now official OASIS Standards, a
status that signifies the highest level of ratification.

“The beauty of KMIP is that it delivers a single protocol that any
cryptographic environment—tape drives, application encryption software
development kits, database encryption applications—can use to talk to any key
manager,” explained Robert Griffin of RSA, the security division of EMC,
co-chair of the OASIS KMIP Technical Committee. “That means developers need to
learn just one set of tools, and changes in key management strategy can be put
in place without having to retrofit applications. The savings are tremendous.”

In addition to the main specification, KMIP Profiles define functionality sets
that address specific scenarios (such as vaulting keys created within a
storage environment). KMIP Profiles also define the authentication that must
be used to ensure message confidentiality and integrity.

“It’s exciting to see how far we’ve come since we began work on KMIP in 2009,”
said Subhash Sankuratripati of NetApp, who also co-chairs the OASIS KMIP
Technical Committee. The group now includes representatives of more than 32
vendors and end user organizations from around the world. “KMIP is widely
regarded as the key management interoperability solution, and version 1.1 has
already been implemented in an array of products.”

Many of those products will be on display at the RSA Conference 2013 in San
Francisco, 25-27 February 2013. Cryptsoft, Hewlett-Packard, IBM,
QuintessenceLabs, Thales e-Security, Townsend Security, and Vormetric will
demonstrate the full key management life-cycle including creating,
registering, locating, retrieving, deleting, and transferring symmetric and
asymmetric keys and certificates between the vendors’ systems. The
demonstration builds on the substantial interoperability testing that was
conducted throughout the development of KMIP 1.1.

KMIP 1.1 is offered for implementation on a royalty-free basis. Companies,
non-profit groups, governments, academic institutions, and individuals are
welcome to participate in the OASIS KMIP Technical Committee, which is
currently working on version 1.2 of the specification. As with all OASIS
projects, archives of the KMIP Technical Committee’s work are accessible to
both members and non-members, and OASIS hosts an open mail list for public
comment.

Support for KMIP 1.1

Cryptsoft
“As a co-editor and key contributor to KMIP 1.1, Cryptsoft is committed to
providing our OEM partners and customers with innovative, standards-based
technologies and as such are pleased to support v1.1 of the OASIS KMIP
specification. Building on the solid foundation of KMIP v1.0, version 1.1 of
the specification further addresses the full spectrum of enterprise key
management requirements across physical, virtual and cloud-based deployments.”
-- Tim Hudson, Chief Security Architect, Cryptsoft

HP
“As the foundation of data protection and governance, strong cryptography and
key management controls are critical elements in any enterprise encryption
strategy. With the approval of KMIP 1.1, organizations can more effectively
apply encryption to protect sensitive data while reducing the costs associated
with managing keys across the enterprise. HP recognizes the significance of
this milestone and looks forward to continued partnership with OASIS in
promoting industry consensus for global security and compliance.”
--  Frank Mong, VP & General Manager of Solutions, HP Enterprise Security

IBM
“Our clients are demanding open, interoperable solutions for securing their
cloud environments. Through our collaboration with the other members of the
KMIP Technical Committee, and by offering support for this important revision
of the KMIP standard in our currently shipping offerings, IBM is working hard
to deliver on our clients requirements.”
--Todd Moore, IBM Director for Interoperability and Partnerships, IBM

Thales e-Security
“This announcement is a great step forward on the road to making enterprise
key management a reality. KMIP 1.1 allows organizations to develop a key
management strategy that is independent of the numerous uses of encryption
across their enterprise. As an originator of the KMIP standard, Thales is
pleased to actively contribute to the OASIS Technical Committee and promote
the KMIP standard worldwide.”
-- Bob Lockhart, Chief Solutions Architect Key Management, Thales e-Security

Vormetric
“KMIP is widely recognized as the leading industry standard protocol for key
management between an encryption client and a key management server. This
standard is seeing rapid industry adoption, and we are delighted to be
demonstrating our support for OASIS KMIP at RSA Conference.”
-- Ashvin Kamaraju, VP of Product Development, Vormetric

Additional information:

OASIS KMIP Technical Committee:
http://www.oasis-open.org/committees/kmip/

KMIP 1.1 OASIS Standard:
https://www.oasis-open.org/standards#kmipspecv1.1

About OASIS:
OASIS (Organization for the Advancement of Structured Information Standards)
is a not-for-profit, international consortium that drives the development,
convergence and adoption of open standards for the global information society.
OASIS promotes industry consensus and produces worldwide standards for
security, Cloud computing, business transactions, Web services, Smart Grid,
content management, and other applications. OASIS open standards offer the
potential to lower cost, stimulate innovation, grow global markets, and
protect the right of free choice of technology. OASIS members broadly
represent the marketplace of public and private sector technology leaders,
users and influencers. The consortium has more than 5,000 participants
representing over 600 organizations and individual members in 100 countries:
http://www.oasis-open.org.

Contact:

OASIS
Carol Geyer, +1-941-284-0403
OASIS Senior Director of Communications
carol.geyer@oasis-open.org