Key Management Interoperability Protocol

Title: Key Management Interoperability Protocol  
Author: World Heritage Encyclopedia
Language: English
Subject: IEEE P1619, Component content management system, Content Assembly Mechanism, Security Assertion Markup Language, Linear Tape-Open
Publisher: World Heritage Encyclopedia

The Key Management Interoperability Protocol (KMIP) is a network protocol for key management, standardized through the Organization for the Advancement of Structured Information Standards (OASIS).


A KMIP server stores and controls Managed Objects such as Symmetric and Asymmetric keys, Certificates, and user-defined objects. Clients then use the protocol to access these objects, subject to a security model that is implemented by the servers. Objects have core Base Object properties such as key length and value, as well as extended Attributes that can include user-defined attributes.

Each object is identified by an immutable, unique object identifier, as well as a mutable Name attribute. Key objects can be Created on the server (with the server generating the key value) or Registered with key values provided by the client. The Get operation will then retrieve them based on the unique identifier, and their attributes can be Modified. A Locate operation is also provided to find objects based on their attributes using a simple query language. There are also CA functions to sign certificates and verify certificate chains.

KMIP is a network protocol rather than an application programming interface like PKCS #11. It has a binary format consisting of nested Tag, Type, Length and Value (TTLV) structures, which is similar to, but different from, ASN.1 encoding. The TTLV is normally transmitted raw, but it may optionally be wrapped in HTTPS. TLS is mandated for link-level security in communication between clients and servers.
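The nested TTLV layout described above, as an added example that is not part of the original article: a minimal encoder and a bounds-checked decoder for untrusted input. The field widths (3-byte tag, 1-byte type, 4-byte big-endian length, value padded to 8 bytes), the type codes and the Protocol Version tags are taken from the OASIS KMIP specification rather than from this page; `MAX_DEPTH` and all function names are assumptions of the example.

```python
import struct
# Item type codes and field widths follow the OASIS KMIP specification.
STRUCTURE, INTEGER, ENUMERATION = 0x01, 0x02, 0x05
MAX_DEPTH = 32  # assumption for this example: cap on nesting of untrusted input

class TTLVError(ValueError):
    """Raised when a buffer is not well-formed TTLV."""

def encode(tag, typ, value):
    """Encode one item; a STRUCTURE value is a list of encoded children."""
    if typ == STRUCTURE:
        body = b"".join(value)
    elif typ in (INTEGER, ENUMERATION):
        body = struct.pack(">i" if typ == INTEGER else ">I", value)
    else:
        raise TTLVError(f"type {typ:#04x} is not handled in this example")
    header = tag.to_bytes(3, "big") + bytes([typ]) + struct.pack(">I", len(body))
    return header + body + b"\x00" * (-len(body) % 8)  # pad value to 8 bytes

def decode(buf, depth=0):
    """Decode sibling items into a list of (tag, type, value) tuples."""
    if depth > MAX_DEPTH:
        raise TTLVError("structures nested too deeply")
    items, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise TTLVError("truncated item header")
        tag, typ = int.from_bytes(buf[pos:pos + 3], "big"), buf[pos + 3]
        (length,) = struct.unpack_from(">I", buf, pos + 4)
        end = pos + 8 + length
        nxt = end + (-length % 8)
        if nxt > len(buf):  # never trust the declared length
            raise TTLVError("declared length runs past the buffer")
        raw = bytes(buf[pos + 8:end])
        if typ == STRUCTURE:
            value = decode(raw, depth + 1)
        elif typ in (INTEGER, ENUMERATION):
            if length != 4:
                raise TTLVError("integer and enumeration values are 4 bytes")
            value = int.from_bytes(raw, "big", signed=(typ == INTEGER))
        else:
            value = raw  # other types are returned undecoded
        items.append((tag, typ, value))
        pos = nxt
    return items

# Constructed sample: Protocol Version 1.0 (tags from the KMIP specification).
SAMPLE = encode(0x420069, STRUCTURE,
                [encode(0x42006A, INTEGER, 1), encode(0x42006B, INTEGER, 0)])
```

The decoder rejects a declared length that runs past the buffer before slicing, which is the check a server or proxy needs when the TTLV bytes come from an unauthenticated or buggy peer.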

KMIP also defines a set of profiles: subsets of the KMIP specification that show common usage in a particular context, such as a storage array or a tape library.


KMIP was initially submitted to OASIS for standardization on February 12, 2009. The specification was voted on by members of the KMIP technical committee. Version 1.0 was formally ratified on October 1, 2010.[1]

By 2010, some vendors had released, or announced planned release dates for, updates to their key management products to support KMIP.[2] Vendors demonstrated interoperability at the RSA Conferences held in March 2010, February 2011,[3] 2012,[4] 2013[5] and 2014.[6]

Use case examples for KMIP, which outline how messages are formatted and communicated between a KMIP client and a KMIP server, are available in a variety of formats.[7]

A summary of interoperability results between vendors, from plug-fests and interoperability showcases organised by the OASIS KMIP technical committee, has been published.[8]

There were about sixty-four participants from about thirty organizations on the committee as of January 2012. Eleven companies demonstrated support for the standard at the 2012 RSA conference.[9] Version 1.1 was drafted in July 2011, and approved in January 2013.[10] The first official committee specification draft of Version 1.2 was posted in October 2013.[11] Version 1.2 is currently in public review.[12]

The OASIS KMIP Technical Committee maintains a list of known (to the TC members) KMIP implementations on the KMIP TC Wiki.[13]

The Storage Networking Industry Association (SNIA) announced a formal KMIP conformance testing program in 2014.[14]

Known SDK implementations

  • Cryptsoft (Clients in C, Java, C-Sharp and Python, Servers in C and Java)[15]
  • OASIS KMIP TC Wiki - known KMIP implementations[16]
  • Open Source KMIP Server (C Sharp) [17]
  • Open Source KMIP Client (Java) [18]
  • Project 6 Research (Client in C++) [19]

References


  1. ^ Mary McRae (October 1, 2010). "Approval of KMIP v1.0 and KMIP Profiles v1.0 as OASIS Standards". tc-announce mailing list. Retrieved October 7, 2013.
  2. ^  
  3. ^ "KMIP Interoperability Demonstration". OASIS. 
  4. ^ "KMIP Interoperability Demonstration at RSA 2012". OASIS. 
  5. ^ "OASIS Security Standards Showcase at RSA Conference & Exposition 2013". OASIS. 
  6. ^ "OASIS Security Standards Showcase at RSA Conference & Exposition 2014". OASIS. 
  7. ^ Cryptsoft (2012-01-27). "KMIP Use Cases". Retrieved 2013-10-07. 
  8. ^ "Summary of interoperability results between vendors". 
  9. ^ Eleven Companies Demonstrate Support for KMIP
  10. ^ "Key Management Interoperability Protocol Specification Version 1.1". Official web site. OASIS. 2013-01-24. Retrieved 2013-10-07. 
  11. ^ "Key Management Interoperability Protocol Specification Version 1.2". Official web site. OASIS. 2013-10-31. Retrieved 2013-12-21. 
  12. ^ "30-day Public Reviews for 12 #KMIP Committee Specification Drafts and 2 KMIP Committee Note Drafts". Official web site. OASIS. 2014-03-20. Retrieved 2014-03-20. 
  13. ^ "OASIS KMIP TC Wiki - known KMIP implementations". 
  14. ^ "SNIA KMIP Test Program Announced". Official web site. SNIA. 2014-02-24. Retrieved 2014-03-20. 
  15. ^ Cryptsoft. "Key Management Interoperability Protocol SDKs". Cryptsoft. Retrieved October 7, 2013. 
  16. ^ "OASIS KMIP Wiki - known KMIP implementations". 
  17. ^ "Open source KMIP Server". Retrieved March 20, 2014. 
  18. ^ "KMIP4J Open Source Implementation". 
  19. ^ "SKC Secure KMIP Client SDK". Project 6 Research. 

External links

  • "OASIS KMIP Technical Committee". 