February 12, 2009, 9:31 AM — A group of industry vendors, led by IBM, Hewlett-Packard and EMC, is proposing a new standard to make their encryption management software work together.
Called the Key Management Interoperability Protocol (KMIP), the standard is being proposed through OASIS (Organization for the Advancement of Structured Information Standards), the consortium best known for its development of Web-services standards.
On Thursday, OASIS is expected to announce that it has created a KMIP Technology Committee to produce the final specification for the standard. The committee will meet for the first time on April 24, but KMIP has been quietly under development for more than a year. It is also supported by Brocade, LSI, Seagate and Thales.
Backers see it as one way to replace the hodgepodge of different encryption-key management products out there. Today, IT staff must use different key management systems to control who gets access to different parts of the network. One system might be used for e-mail encryption, a second for storage and a third for the database. "The scope of the standard is very broad," said Mark Schiller, a director with HP's Security Office. "It will work for just about any type of device you can imagine."
KMIP's backers say their standard will be "complementary" to existing key management standards such as the storage-focused IEEE 1619.3 and the OASIS EKMI XML standard.
