News

Biometrics standards emerge from OASIS

• By John K. Waters
• March 12, 2002

[MARCH 12, 2002] - Experts are starting to call Biometrics, the technology that allows computers to recognize individuals automatically using distinguishing physical traits, one of the very hot areas of development in IT security. Nascent applications that identify people via fingerprints, facial contours, DNA, iris scans, voices, or other characteristics are popping up everywhere.

Now, OASIS, the Boston-based interoperability consortium, has set itself to the task of developing standard XML schema for biometrics. The group last week said it has formed the OASIS XML Common Biometric Format (XCBF) Technical Committee to come up with that standard.

"Biometrics, in essence 'what you are,' are destined to replace 'what you know' items, such as PIN numbers, and to augment 'what you have' forms of identification, such as cards," explained Phillip Griffin of Griffin Consulting, chair of the new OASIS committee. "Existing biometric standards use binary encoding formats, which severely limit their use in XML systems and applications. XCBF will provide a standard way for biometric functions to be done using XML."

Specifically, the XCBF committee will seek to define a set of XML encodings for the Common Biometric Exchange File Format (CBEFF), which describes data elements necessary to support biometric technologies in a standard way. Universal type definitions will allow biometric data to be validated and exchanged without ambiguity. The exact values specified in CBEFF binary encodings will be used in XCBF XML representations. CBEFF is a draft of the American National Standards Institute (ANSI), managed and maintained currently by the National Institute of Standards Technology (NIST).

"The message syntax for transferring information across the Internet seems to be focused on XML-based dialects," Jeff Stapleton of KPMG LLP, chair of the X9F4 working group of the X9 Accredited Standards Committee (ASC) of ANSI said in an OASIS media release, "and biometric information is no different in this respect. What's critically important is that XCBF meets the American National Standard X9.84 security requirements regarding the authenticity and integrity of biometric data. By basing this XML work on the schema and security mechanisms defined in X9.84, it should be possible for XCBF to meet these requirements."

Participation in the OASIS XCBF Technical Committee remains open to all organizations and individuals interested in advancing a standard XML schema for biometrics, said Carol Geyer, director of communications at OASIS. The group will host an open mail list for public comment on XCBF, and completed work will be freely available to the public without licensing or other fees. Information on joining OASIS can be found on http://www.oasis-open.org/join.