XML-style PKI with XKMS
The XKMS (XML Key Management Specification), originally
sponsored by VeriSign, Microsoft, and webMethods, takes important
steps in the right direction. First and foremost, it pushes the
logic of finding and validating certificates out of the client and
into the cloud. XKMS is a Web service; if clients of that service
can shed hard-coded certificate-processing logic, it will help in
several ways. Mobile devices, in particular, could be streamlined.
As VeriSign principal scientist Phillip Hallam-Baker points out,
certificate processing is unwieldy both in terms of code (about
750KB) and data (VeriSign's Certificate Revocation List has grown
to 3MB). Everyone would benefit from the dynamic nature of the
service-oriented approach. [Full story at
InfoWorld.com.]
Former URL: http://weblog.infoworld.com/udell/2002/10/07.html#a436