News

OASIS takes over PKI development

• By Rich Seeley
• November 6, 2002

Further development and promotion of Public-Key Infrastructure (PKI) security technology for e-business and Web services applications will be done by the OASIS global standards consortium, which announced this week that it is taking over the PKI Forum.

Including PKI with the other OASIS XML-based standards for e-business applications ''makes sense'' to Victor Wheatman, vice president and research area director at Gartner Inc., a Stamford, Conn.-based consulting firm. Integration with XML standards is vital for the advancement of the PKI technology, he contends.

''The synergies among the groups within OASIS should help PKI move to the next phase as an unseen but foundational part of the infrastructure,'' Wheatman said when OASIS outlined its plans.

PKI will now be included with other OASIS projects involving Web services and security, including Security Assertion Markup Language (SAML), the XML Access Control Markup Language (XACML), the Rights Language, the Service Provisioning Markup Language (SPML) and XML Common Biometric Format (XCBF) and Digital Signature Services (DSS) protocol.

The PKI Forum, renamed the OASIS PKI Member Section, will continue to be led by Terry Leahy of Well Fargo Bank, who has been serving as chairman of the board for the forum, according to the OASIS announcement.

In other security standards related news, OASIS announced that its members have approved the Security Assertion Markup Language (SAML) 1.0 as an OASIS Open Standard, which is the consortium's highest level of ratification. SAML is an XML-based framework for Web services that allows the exchange of authentication and authorization information among business partners. SAML enables Web-based security interoperability functions, such as single sign-on, across sites hosted by multiple companies.

For more information, click on http://www.pkiforum.org and http://www.oasis-open.org.