PKCS #11: Alive and Well!


We had our first meeting of the OASIS PKCS 11 Technical Committee last week, a very interesting and exciting start to this new stage in the life of the PKCS #11 standard. It was a very impressive gathering of folks from many different companies and countries, a breadth of participation evident in the officers and editors elected at the first meeting. Valerie Fenwick (Oracle, US) and I (RSA, Switzerland) are co-chairs of the TC. David Smith (Venafi, US) is secretary. Susan Gleeson (Oracle, US) and Chris Zimman (Bloomberg, US) are co-editors of the Specification. John Leiseboer (QuintessenceLabs, Australia) is editor of the Usage Guide. Tim Hudson (Cryptsoft, Australia) and Sven Gossel (Charismathics, Germany) are co-editors of the Profiles. Tim Hudson, Bob Relyea (Red Hat, US) and Lawrence Lee (Go-Trust, Taiwan) are co-editors of the Test Cases. Many other countries and companies are represented in the membership of the committee, a diversity that we hope will continue to grow as we move forward.

We face important challenges, including the large backlog of work that has accumulated since the publication of the PKCS #11 v2.30 draft specification in October 2009. We spent most of the first day of the face-to-face exploring those challenges through presentations by many of the TC members, discussing not only the details of corrections and enhancements to the PKCS #11 API, but also larger questions of whether PKCS #11 can be of benefit in critical areas such as mobile, cloud and virtualization security. One of the highlights of the Monday session was a presentation by Burt Kaliski on the history of PKCS #11, showing how the standard has adapted as the needs of the industry changed. That was a very encouraging insight, especially given how many areas there are in which PKCS #11 can be of benefit.

By the end of the face-to-face, we scoped out the most critical work items that we should consider for the first release of PKCS #11 as an OASIS standard. We still have lots of work to do to nail down that list and then to realize it in the specification, other documents and supporting processes. But PKCS #11 is once again alive and well!

Author: Bob Griffin

Bob Griffin is Chief Security Architect at RSA, the Security Division of EMC, where he is responsible for technical architecture, standards and strategy, particularly for RSA’s data security products. He represents EMC to several standards organizations, including as co-chair of the OASIS Key Management Interoperability Protocol (KMIP) technical committee. Bob has extensive experience in security strategy, corporate governance, business process transformation and software development. He has had the primary architectural responsibility for a number of production systems environments and for major software engineering projects at RSA, Entrust and Digital Equipment Corporation. He is a frequently requested speaker for professional and industry conferences and has instructed courses within both professional and university settings.