Hello,

If you look at the RSA Conference Demos for the last 5 years where KMIP was used to address/test a stack of HSMs, then Yes, it is more widespread than XKMS.

Dennis

-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Tuesday, June 02, 2015 11:59 AM
To: [email protected]
Subject: Re: KMIP Support in CXF (ReST & SOAP)

Hi

Andrei Shakirin who worked on getting the XKMS code contribution added to CXF is off till next week, he may have an opinion; IMHO it is good to have multiple relevant options supported but I'm not sure how easy it is to do KMIP.

Cheers, Sergey

On 02/06/15 09:08, Yossi Cohen wrote:
> Hi,
>
> We are currently evaluating several technologies for public/private
> key distribution and rotation and I have two questions I was hoping CXF Dev.
> could address:
>
> 1. I noticed CXF added support in XKMS for public keys (e.g., for
> SAML token validation). It appears though that the adoption of KMIP
> <http://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol>
> in industry is more extensive than the adoption of XKMS
> <http://en.wikipedia.org/wiki/XKMS>. Does it make sense for CXF to add
> support for KMIP? Are there any plans to add this capability and if
> yes in which version?
>
> 2. For key rotation we need the previous public key to be left active
> side-by-side with the new public key until all signatures signed using
> the previous private key are no longer in use (e.g., after session
> expiration).
> To support that, we need to be able to customize CXF and implement
> logic that tries first to validate the signature using the new public
> and upon failure, attempt to re-validate the signature using the
> previous public key. That way we guarantee that we don’t break
> existing sessions. WDYT about the logic? If you come to implement KMIP
> support in CXF, please beware of such customization need.
>
> *Best Regards,*
> *Yossi Cohen*
>

--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
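
The fallback logic from question 2 of the quoted message, as an added example that is not part of the thread and not CXF code. It uses only the JDK's java.security API; the class name RotatingVerifier, the 30-minute overlap window, the SHA256withRSA algorithm and the sample token are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;

// Hypothetical helper (not a CXF class): verify with the new key, then the previous one.
public class RotatingVerifier {
    enum Result { CURRENT_KEY, PREVIOUS_KEY, REJECTED }

    private final PublicKey current, previous;
    private final Instant previousNotAfter; // end of the overlap window (assumed policy)

    RotatingVerifier(PublicKey current, PublicKey previous, Instant previousNotAfter) {
        this.current = current;
        this.previous = previous;
        this.previousNotAfter = previousNotAfter;
    }

    Result verify(byte[] data, byte[] sig, Instant now) throws GeneralSecurityException {
        if (check(current, data, sig)) return Result.CURRENT_KEY;
        // Fall back only while old signatures can still be in use (e.g. live sessions).
        if (now.isBefore(previousNotAfter) && check(previous, data, sig)) return Result.PREVIOUS_KEY;
        return Result.REJECTED;
    }

    private static boolean check(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(data);
        // A malformed signature is treated as a failed check, not as an error.
        try { return v.verify(sig); } catch (SignatureException e) { return false; }
    }

    private static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair oldPair = gen.generateKeyPair(), newPair = gen.generateKeyPair();
        byte[] token = "constructed-session-token".getBytes(StandardCharsets.UTF_8); // sample input
        byte[] oldSig = sign(oldPair.getPrivate(), token), newSig = sign(newPair.getPrivate(), token);
        Instant now = Instant.now(), cutoff = now.plusSeconds(1800); // 30 min overlap, assumed
        RotatingVerifier v = new RotatingVerifier(newPair.getPublic(), oldPair.getPublic(), cutoff);
        System.out.println("new key signature:      " + v.verify(token, newSig, now));
        System.out.println("old key, inside window: " + v.verify(token, oldSig, now));
        System.out.println("old key, after cutoff:  " + v.verify(token, oldSig, cutoff.plusSeconds(1)));
        token[0] ^= 1; // tampered data must fail under both keys
        System.out.println("tampered token:         " + v.verify(token, newSig, now));
    }
}
```

Returning which key matched, rather than a bare boolean, lets the caller log PREVIOUS_KEY hits and see when the previous key is no longer needed.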
