XML-style PKI with XKMS

XKMS (the XML Key Management Specification), originally sponsored by VeriSign, Microsoft, and webMethods, takes important steps in the right direction. First and foremost, it pushes the logic of finding and validating certificates out of the client and into the cloud. XKMS is a Web service; if clients of that service can shed hard-coded certificate-processing logic, it will help in several ways. Mobile devices, in particular, could be streamlined. As VeriSign principal scientist Phillip Hallam-Baker points out, certificate processing is unwieldy in terms of both code (about 750KB) and data (VeriSign's Certificate Revocation List has grown to 3MB). Everyone would benefit from the dynamic nature of the service-oriented approach. [Full story at InfoWorld.com.]

Former URL: http://weblog.infoworld.com/udell/2002/10/07.html#a436