The primary objectives of XKMS are
XKMS的主要目标是
Security of the XKMS service itself.
XKMS服务本身的安全性。
XML Key Management Specification (XKMS).
xml密钥管理规范(XKMS)。
Step 3: Specify the key data required in XKMS key registration.
步骤3:指定XKMS密钥注册所需的密钥数据。
The client can also tell the XKMS service to keep the private key as well.
客户机还可以告诉XKMS服务,让XKMS服务也保留私钥。
Now, XKMS provides an easy mechanism for using and integrating PKI with applications.
现在,XKMS为使用PKI和将PKI与应用程序集成提供了一种容易的机制。
In that article, I covered ease of management of a security infrastructure using XKMS.
在那篇文章中,我讨论了使用XKMS实现安全基础设施的易管理性。
The private key is kept with the XKMS service in case the client loses its private key.
在客户机丢失了私钥的情况下,私钥就与XKMS服务保持一致。
In rest of this article, I will demonstrate how XKMS provides an answer to this problem.
在本文的其余部分,我将演示XKMS如何为这个问题提供答案。
For example, an X.509 certificate that's bound to an XKMS key is destroyed when this operation is called.
例如,当调用这个操作时,绑定到一个XKMS密钥的X . 509凭证将被销毁。
The trusted third party hosts the XKMS service while providing a PKI interface to the client applications.
这个受信任的第三方在提供一个到客户机应用程序的PK i接口的同时驻留了XKMS服务。
This part of XKMS addresses the mechanism that allows client applications to authenticate encrypted/signed data.
XKMS的这一部分为允许客户机应用程序认证经过加密/签名的数据提供机制。
In future articles, I will discuss Security Assertion Markup Language (SAML) and XML Key Management System (XKMS).
在今后的文章中,我将要讨论安全性断言标记语言(Security Assertion Markup Language,SAML)和xml密钥管理系统(XML Key Management System,XKMS)。
The XKRSS service specification does not make it mandatory for the XKMS service to implement any of the operations.
XKRSS服务规范并不强制要求XKMS 服务实现上述任何一种操作。
Step 5: Create an instance of the XKMSRegister object by providing the XKMS key data and authorization information.
步骤5:通过提供XKMS密钥数据和授权信息,创建XKMSRegister对象的一个实例。
An XKMS service implementing XKRSS service specifications may choose to offer some, all, or none of these operations.
实现了XKRSS服务规范的XKMS服务可以选择提供一些、所有或者不提供这些操作。
You should be aware of few things before you entrust the security of your documents and applications to the XKMS service.
您还应该了解一些事情,然后才可以把文档和应用程序的安全性托付给XKMS服务。
The public key distributed with XML digital signatures can be wrapped in XML Key Management Specification (XKMS) formats.
可以用XML密钥管理规范(XMLKey Management Specification (XKMS))格式封装与 XML数字签名一起分发的公钥。
Obtain from the service provider the information that you will need to register keys with their demo or test XKMS service.
从该服务提供程序获取您在将密钥注册到它们的演示或测试XKMS服务时所需的信息。
Prevent replay attacks: Ensure that the reply that XKMS service sends for a request is not captured by an unauthorized third party.
防止重复攻击(replay attack):确保XKMS服务为某请求发送的回复不被未经授权的第三方捕获到。
This captured response can again be sent by the third party as a response to some other request and masquerade as the XKMS service itself.
这个捕获到的响应可以被第三方作为对其他请求的响应再次发送,并假装它就是XKMS服务本身。
In order to use the code in the listing, you will have to contact some XKMS service provider that has a demo or test XKMS service running.
为了使用该清单中的代码,必须与某个具有演示或测试XKMS服务运行的XKMS服务提供程序联系。
XKMS allows easy management of the PKI by abstracting the complexity of managing the PKI from client applications to a trusted third party.
XKMS 将管理客户机应用程序的PKI 的复杂性抽象到了一个受信任的第三方,从而使 PKI 易于管理。
XKMS lowers the complexity of deploying PKI in client, and provides an interoperable security infrastructure for the network applications.
XKMS降低了客户端部署PKI的复杂度,为网络应用提供了可以互操作的安全基础设施。
XKMS reduces the complexity of deploying PKI in client, and provides an interoperable security infrastructure for the network applications.
XKMS降低了客户端部署PKI的复杂度,为网络应用提供了可以互操作的安全基础设施。
The issues that I touch upon in this section relate to any Web-based service, but it's important to ensure that XKMS is reliable and available.
在这一节中我大致谈到的问题与所有基于Web的服务有关,但是应该确保XKMS可靠和可用,这一点很重要。
Hence, keys used for such a purpose can very safely be generated by the client, and the private key may never be registered with the XKMS service.
因此,由客户机来生成那种用途的密钥是很安全的,而且完全可以不将私钥注册到XKMS服务。
Prevent denial of service attacks: Using XKMS to get key information is useful if it is available when needed and within a reasonable amount of time.
防止服务的抵赖攻击(denial of service attack):使用XKMS来获取密钥信息比较有用,前提是XKMS在需要的时候可用,并且这一过程能在合理的时间内完成。
Step 4: Specify the registration authorization data required for XKMS key registrations. There are two ways to provide the authorization information.
步骤4:指定XKMS密钥注册所需的注册授权数据。
It USES improved mechanism of certificate revocation status and optimized data structure of LDAP directory and LDAP connection to support XKMS service.
通过改进证书撤销状态验证机制以及对LDAP目录结构和数据连接的优化来更好地支持XKMS服务。
应用推荐