Towards the homogeneous access and use of PKI solutions: design and implementation of a WS-XKMS server

Nowadays, there exists certain important scenarios where different WS-* security related protocols and technologies are being used, such as e-commerce, resource control, or secure access to grid nodes. Additionally, most of these scenarios require the interaction with a trust management infrastructure (such as a PKI -Public Key Infrastructure-), usually to validate the digital certificates provided by communication peers belonging, in most cases, to different administrative domains. For doing this with WS-enabled technologies the W3C proposed the XKMS (XML Key Management Specification) standard a few years ago. However, few implementations exist so far of this standard, and most of them with important limitations. This paper presents an open-source WS-enabled implementation of the XKMS standard named Open XKMS, certain key scenarios where it can be used and the details of how it has been designed and implemented. This paper tries to motivate and foster the use of the XKMS standard and describe a software solution that can help to designers and developers of WS-based security scenarios.