The XKMS XML Key Management system has two goals:
To minimize the effort required by clients to obtain keys and verify trust in them by providing a server or servers with which the client can have a trust relationship. This server or servers can then unload several tasks from the client: locating servers from which to obtain revocation information, obtaining and using revocation information, validating chains of certificates, and more.
To provide, where appropriate, central control of policy among a group of clients by implementing that policy at the XKMS server or servers used by those clients.
The key management system consists of two parts:
The Key Information Service, for obtaining keys and information ...