SNIA KMIP Test Program

The Storage Security Industry Forum (SSIF), a special interest community within the Storage Networking Industry Association (SNIA), announced the launch of the Key Management Interoperability Protocol (KMIP) Test Program.

The program and its test suites and protocols provide for conformance testing based on KMIP usage profiles and interoperable, secure solutions. The KMIP specification is defined by OASIS (the Organization for the Advancement of Structured Information Standards) and test profiles are established by its KMIP Technical Committee.

“SNIA is delighted to collaborate with OASIS on this important industry activity,” commented David Dale, SNIA’s COB. “SNIA has a strong history of conformance testing. At our Technology Center in Colorado Springs we have the experienced resources, practiced processes, and secure physical testing environment to support conformance test programs. For the KMIP program we added a relationship with Cryptsoft for the use of their test suite.“

Industry awareness and support of this program is growing.

“The KMIP Conformance Testing Program, run by SNIA/SSIF, is evidence that interoperability is not simply a datasheet check-box item for solution providers of encryption and enterprise key management,” said Derek Brink, VP and research fellow for Aberdeen Group, a Harte Hanks company. “Serious enterprise buyers consider multi-vendor interoperability an important requirement.” (Aberdeen Group Research Brief KMIP, KMIP, Hooray!)

“By introducing the KMIP Test Program for the industry, we’re helping to encourage not only the adoption of enterprise key management, but a means for vendors to test for conformance and provide an assurance of interoperability and a layer of trust to their customers,” said Sue Gleeson, of Oracle Corp. and SSIF chairperson.

“Security continues to increase in priority for all data management professionals and many are or should be looking to ensure they have a trusted, conformance tested approach to Key Management,” added Bruce Backa of NTP Software, Inc.‘s SSIF vice-chairman.

The KMIP Test Program offers vendors of KMIP-enabled computer technology the opportunity to test their implementation against one or more KMIP profiles with pre-defined test cases. The program provides data management, storage, and security markets with assurance that given KMIP client implementations are fully interoperable with KMIP server implementations across one or more usage profiles. Ultimately, computer solution validation establishes trust and confidence among IT buyers requiring KMIP-enabled products and solutions from an ever-increasing number of vendors providing KMIP-enabled Enterprise Key Management (EKM) servers, KMIP client appliances, and applications.

IBM Corp.‘s Rick Robinson, a member of the SSIF Committee, noted: “Including IBM, SSIF has seven organizations signed up as members and nine KMIP-enabled products in the test queue. We aim to deliver the first KMIP Test Program results in Q1 2014.”

Tony Cox of Cryptsoft Pty Ltd. and SSIF Treasurer observed: “With the program launch, we are actively signing on new participants as well as delivering market education for the importance of KMIP.”

KMIP interoperability demonstrations and a preview of the KMIP test suite was presented in the OASIS Interoperability Showcase at the RSA Conference in San Francisco, February 24-28. SNIA will be participating as part of this showcase in the OASIS booth.

The seven voting members of SSIF are: Cryptsoft, HP, IBM, NetApp, NTP Software, Oracle, and SafeNet.