cxf-dev mailing list archives

From "Dennis"
Subject RE: KMIP Support in CXF (ReST & SOAP)
Date Tue, 02 Jun 2015 16:08:51 GMT

If you look at the RSA Conference Demos for the last 5 years where KMIP was used to address/test
a stack of HSMs, then Yes, it is more widespread than XKMS.


-----Original Message-----
From: Sergey Beryozkin
Sent: Tuesday, June 02, 2015 11:59 AM
Subject: Re: KMIP Support in CXF (ReST & SOAP)


Andrei Shakirin who worked on getting the XKMS code contribution added to CXF is off till
next week, he may have an opinion; IMHO it is good to have multiple relevant options supported
but I'm not sure how easy it is to do KMIP.

Cheers, Sergey

On 02/06/15 09:08, Yossi Cohen wrote:
> Hi,
> We are currently evaluating several technologies for public/private 
> key distribution and rotation and I have two questions I was hoping CXF Dev.
> could address:
> 1. I noticed CXF added support in XKMS for public keys (e.g., for
> SAML token validation). It appears though that the adoption of KMIP
> in industry is more extensive than the adoption of XKMS.
> Does it make sense for CXF to add
> support for KMIP? Are there any plans to add this capability and if
> yes in which version?
> 2. For key rotation we need the previous public key to be left active
> side-by-side with the new public key until all signatures signed using
> the previous private key are no longer in use (e.g., after session expiration).
> To support that, we need to be able to customize CXF and implement
> logic that tries first to validate the signature using the new public
> key and, upon failure, attempts to re-validate the signature using the
> previous public key. That way we guarantee that we don’t break
> existing sessions. WDYT about the logic? If you come to implement KMIP
> support in CXF, please beware of such customization need.
>   *Best Regards,*
> *Yossi Cohen*

Sergey Beryozkin

Talend Community Coders
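
The fallback validation described in question 2 of the quoted message, as an added example that is not part of the original thread and is not CXF code. `RotatingVerifier`, the key ids, the explicit grace-period end and the choice of `SHA256withRSA` are assumptions made for illustration; it needs Java 16 or later for `record`.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;

// Hypothetical helper (not a CXF class): checks the new key first, then the
// previous key, but only while the previous key's grace period is still open.
public class RotatingVerifier {
    record Entry(String keyId, PublicKey key, Instant acceptUntil) {}
    private final List<Entry> keys = new ArrayList<>(); // newest first

    // Install a new key; the key it replaces stays accepted until graceEnd.
    void rotate(String keyId, PublicKey newKey, Instant graceEnd) {
        if (!keys.isEmpty()) {
            Entry old = keys.get(0);
            keys.set(0, new Entry(old.keyId(), old.key(), graceEnd));
        }
        keys.add(0, new Entry(keyId, newKey, Instant.MAX));
        while (keys.size() > 2) keys.remove(keys.size() - 1); // new + previous only
    }
    // Returns the id of the key that verified the signature, or empty if none did.
    Optional<String> verify(byte[] data, byte[] sig, Instant now) throws GeneralSecurityException {
        for (Entry e : keys) {
            if (now.isAfter(e.acceptUntil())) continue; // grace period is over
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(e.key());
            s.update(data);
            try {
                if (s.verify(sig)) return Optional.of(e.keyId());
            } catch (SignatureException malformed) { /* bad encoding for this key: failed check */ }
        }
        return Optional.empty();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair oldPair = gen.generateKeyPair(), newPair = gen.generateKeyPair(); // constructed keys
        byte[] token = "constructed session token".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(oldPair.getPrivate());
        signer.update(token);
        byte[] sig = signer.sign(); // signed with the previous private key
        Instant t0 = Instant.parse("2015-06-02T00:00:00Z"); // constructed rotation time
        RotatingVerifier v = new RotatingVerifier();
        v.rotate("key-1", oldPair.getPublic(), t0);
        v.rotate("key-2", newPair.getPublic(), t0.plusSeconds(3600)); // one-hour overlap
        System.out.println(v.verify(token, sig, t0.plusSeconds(60)));   // inside the overlap
        System.out.println(v.verify(token, sig, t0.plusSeconds(7200))); // after the overlap
    }
}
```

Returning the id of the key that matched lets the service log how often the previous key is still in use, which shows when it is safe to retire it.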

