It has always been, the public key system (PKI) is unable to strengthen the security of the Web business, but from the technical point of view, the deployment of PKI is too trouble, and it is costly, so it is difficult to obtain extensive applications. In this regard, the 3W Association puts forward a new standard after improvement, namely XML key management definition (XKMS). Xkms not only inherited all the essence of PKI, but also did not reduce security and scalability while significantly reduced the cost of PKI. Introduced the new power to promote the smooth development of the web business. Compared with KDC (Kerberos Key Release Center), Kerberos uses shared confidential encryption methods, so it is easy to become a hacker attack, and it contains too many sensitive information, so it is difficult to promote. PKI uses a set of public key and private key system, avoiding these issues: The private key is only held by someone; and the public key can be sent public. Therefore, using a PKI security message, for security communication between any two people, the online business similar to KDC is obviously unnecessary. In addition, the PKI has a hierarchical key system and a function of real-time analysis of the path through the hierarchy. These are all possible personal security communications that must be arranged in advance. But the deployment of PKI is also very cumbersome: it requires each user and application to verify the identity of each user of the communication, to ensure that the other's identity is really effective, and the developer is difficult to develop the corresponding system. Meet these requirements. In fact, PKI throws all trust to the user, and this requires complex library and configuration information. The appearance of XKMS makes a client and application server to share the XKMS service to consolidate each other and handle the request between them. XKMS replaces the XML-based protocol with many PKI protocols and data formats, such as certificate management protocols, and simple certificate registration protocols. XKMS can also be used to implement customers, applying servers, servers, etc. to customers, servers. In the xkms environment, the decision of trust is done by a public server. The configuration of XKMS users only is that the server's URL address and the server will be used to sign a certificate, and different URL addresses can support different trust models. The XKMS protocol provides three basic operations: positioning, that is, restoring an encrypted key, securely communicating with another person; confirming, to ensure that a key is active without abolition; registration, used to release or re- Publish, or abolish the key. Since XKMS is based on XML digital signature and encryption standard, there are many similarities. For example, the positioning lookup and confirmation are used to use one
Elements, this means that a message recipient can check the sender's identity by picking elements, view the server's response, and the server responds only by private key. Since XKMS created a trust service, the user was freed from a cumbersome configuration by providing the XML interface to the PKI. There are now many vendors to start developing XKMS toolkit and application systems, and there are many XML Web service standards, including Security Assertions Markup Language and WS-Security, using digital signatures to protect verification content and message data. This standard is currently in the final stage.
working principle
