Today is an auspicious day in the world of Enterprise Key Management: voting is about to complete on V1.0 of the OASIS Key Management Interoperability Protocol (KMIP) standard and indications are that it will be ratified as a full standard shortly (we hit the required 15% vote threshold early on 29th September, none against at time of writing).
It's taken a lot to get to this point and it seems a long time since I with Thales, along with collaborators from such companies a HP, IBM and RSA was planning the founding of the Technical Committee (TC) in OASIS. If nothing else, the fact that so many large and diverse companies can agree on these documents should give heart to those disillusioned with Enterprise Key Management.
So what does this mean to you?
Well, if you're a vendor and you're not in the group then it signals time to join. Standards come and go and some people are understandably sceptical of new groups, but if the impressive membership and activity levels weren't enough, ratification of the standard should now prove this one's real, and is here to stay.
If you're a user of key management then things are a little less clear. Completion of V1.0 is an important step but there's a way to go yet before we enable the dream of full Enterprise Key Management. While I can't overplay the technical achievement of V1.0, I expect real-world relevance to appear in the next year or two as the next couple of versions round out the standard in areas such as endpoint definition, inter-server communication and improved access control.
But that shouldn't put you off including KMIP in your key management strategy. Plan now, and you'll be ready to take advantage when serious adoption hits later down the line. And of course there are some members of the user community in the TC providing invaluable perspective - anyone's welcome to join.
Well done to everyone in the TC!