Trust Assertion XML Infrastructure

The Trust Assertion XML Infrastructure (TAXI) is described. TAXI is a PKI research project that had the objective of developing technology that would assist the deployment of PKI. Parts of the TAXI architecture have since been realized in open standards, notably the XKMS [XKMS] and SAML [SAML] specifications, other parts of the TAXI architecture such as XTAML [XTAML] and XKASS [XKASS] have been published as research notes for public review and possible standardization at a later date. The paper describes the architectural principles underlying the design decisions taken in these specifications. 1 Cryptography and Trust Public Key cryptography permits secure communication to be established between any parties provided only that each has trustworthy knowledge of the public key of the other. The means by which that trustworthy knowledge is obtained is known as Public Key Infrastructure (PKI). PKI secures the interface between the abstract world of electronic communications and the concrete offline world. PKI is complex and subtle because the world is complex and subtle. The deployment of PKI in the real world has been subject to numerous disputes about architecture, factional schisms and political intrigues. While some of these disputes have technical merit few have advanced the cause for PKI. The quest for the perfect PKI has too often been the enemy of deployment of a good PKI. This paper describes the Trust Assertion XML Infrastructure (TAXI), a research project that was undertaken in the summer of 2000 with the objective of developing technology that would assist the deployment of PKI. Parts of the TAXI architecture have since been realized in open standards, notably the XKMS [XKMS] and SAML [SAML] specifications, other parts of the TAXI architecture such as XTAML [XTAML] and XKASS [XKASS] have been published as research notes for public review and possible standardization at a later date. Standards documents intended to describe a normative specification should not provide any discussion of the architectural principles. This paper is intended to make good this omission and to explain how the different components of the TAXI architecture were intended to fit together. In view of the developments since the original TAXI architecture was developed this paper makes use of the terminology and concepts used in the XKMS and SAML specifications rather than those of the original documents.