KEAML - Key Exchange and Authentication Markup Language

It is not uncommon that an enterprise application-level business entity in one security domain needs to be engaged in protected information exchanges across unsecured public networks with a number of other entities from separate security domains in an ad-hoc fashion. Neither having a trusted central authority to manage this activity nor a proprietary security handshake protocol designed for particular applications works; the former is often impractical while the latter lacks interoperability and typically cannot be massively deployed. Experience has also shown that proprietary protocols are usually very weak and vulnerable to a variety of attacks. It is desirable to have a standardized protocol for mutual key exchange and authentication that is resistant to a variety of attacks, scalable, and sufficiently flexible to be deployed in a number of different application environments. Unfortunately, no such standard has been developed for enterprise-level applications and services. This paper defines an XML-based key exchange and authentication framework along with a protocol, with concepts such as two-phase negotiation, standardized key exchange templates that resist attack, and public components for Diffie-Hellman exchange borrowed from ISAKMP/IKE (the layer 3 security framework and protocol for VPN). The proposed protocol also leverages the W3C XML encryption and XML signature specifications to allow field-level encryption and signing of KEAML protocol messages, where required