BOXML will be extended to integrate OCSP over PKIs
for USAF (the Department of the US Air Force)
MITRE (www.mitre.org) will explore XML security BOXML for AF PKI
Bestning Technologies (US office: San Jose, CA), a leading developer and global
supplier of dynamic XML security, today announced that its BOXML, a triple dimension XML security tool,
will be extended to integrate OCSP over PKIs
for USAF (the Department of the US Air Force).
OCSP (Online Certificate Status Protocol)
is an online request-response PKI information access
protocol composed of standardized request and response types for certificate revocation and validation status.
When a remote user attempts to access a server, OCSP sends a request for certificate status information.
The server sends back a response of "current," "expired," or "unknown."
An OCSP request message is composed of a protocol version number, a request type object identifier and other request
data relevant to a particular request type. Initially the OCSP responder certificate is located and the signature
on the OCSP request is checked using the responder certificate's public key. Then
a normal certificate verification is performed on the OCSP responder certificate, building up a certificate chain in the process.
OCSP deployment is too cumbersome and costly for the technology to achieve widespread use.
Although OCSP enables applications to determine the
revocation state of an identified certificate, OCSP cannot check that certificates are signed correctly. Although there is a set
of trusted public keys from which certificate chains may be constructed, OCSP cannot check that the certificate chains
to an acceptable trust point. Although there is a set of intermediate certificate authorities from which the trust chain may be
constructed, OCSP cannot check that each certificate in the chain contains an acceptable certificate policy identifier
to ensure that certificates are not being misused. OCSP by itself is not sufficient to meet our customer's full requirements.
OCSP requires that every user and every application verify the identity of everyone they communicate with and ensure that
the counter-party identity is appropriate for the transaction and that the identity is still valid (has not been revoked).
XML security tool BOXML
BOXML creates a trust service that shields clients from complexity by
providing an XML interface to PKI and using Dynamic XML Encryption, Multiple XML Signature and Time-Stamp Universal
Unique XML Identification. The BOXML trust server supports XKMS (XML Key Management Specification) by Dynamic XML Encryption,
Multiple XML Signature and
Time-Stamp Universal Unique XML Identification. XKMS replaces many PKI protocols, such as OCSP (Online Certificate Status
Protocol), LDAP (Lightweight Directory Access Protocol), CRL (Certificate Revocation Lists), CMP (Certificate Management
Protocol) and SCEP (Simple Certificate Enrollment Protocol), with XML-based protocols such as Register Service, Revoke Service,
Recover Service, Locate Service and Validate Service. With XKMS, trust functions reside in BOXML, accessible via easily
programmed XML transactions, so they can be centralized and applied consistently across platforms. The only configuration
information a BOXML client needs is the URL of the BOXML and the certificate which BOXML will use to sign its response.
Developers can allow applications to delegate all or part of the processing of XML multiple digital signatures and XML
partial encrypted elements to BOXML. Different trust models can be supported by using different URLs. Anything to do with
PKI can be delegated to the BOXML trust server.
About The MITRE Organization
The MITRE (http://www.mitre.org)
is a not-for-profit organization chartered to work in the public interest.
As a national resource, we apply our expertise in systems engineering, information technology,
operational concepts, and enterprise modernization to address our sponsors' critical needs.
MITRE manages three Federally Funded Research and Development Centers (FFRDCs): one for the Department
of Defense (known as the DOD Command, Control, Communications and Intelligence FFRDC), one for the Federal
Aviation Administration (the Center for Advanced Aviation Systems Development), and one for the Internal
Revenue Service (the Center for Enterprise Modernization). MITRE also has its own independent research
and development program that explores new technologies and new uses of technologies to solve our
sponsors' problems in the near-term and in the future.
For further information please contact:
Sunil J. Trivedi
Lead INFOSEC Engineer
202 Burlington Road
About Bestning Technologies
Bestning Technologies, located in San Jose, CA, is a wide-range provider of XML security solutions.
Bestning's flagship product, BOXML, is a set of software tools which provides users with simple-to-use
and trusted security for XML documents.
For additional information:
2128 N. First Street, San Jose, CA 95131
Phone - 408-436-8353
Fax - 408-441-8812