RealTime IT News

OASIS Adds PKI Forum to Security Arsenal

With security at a premium -- especially for Web services -- e-business standards group OASIS moved to bolster its ability to create safer specifications Monday when it added the PKI Forum as its newest member section.

Vital for ensuring secure transactions on the Internet, PKI, short for public key infrastructure, is a system of digital certificates, certificate authorities, and other registration authorities that verify and authenticate the validity of each party involved in a Web transaction. They essentially query a user about his or her identity, and serve as gatekeepers that monitor e-commerce exchange.

The PKI Forum is the main group responsible for aggregating PKI proprietors, end users and developers, and will continue in that capacity under the aegis of OASIS.

Victor S. Wheatman, Vice President and Research Area Director for Gartner, said the move makes sense because "it is vital for PKI to become integrated into applications."

"The synergies among the groups within OASIS should help PKI move to the next phase as an unseen but foundational part of the infrastructure," Wheatman said.

Wells Fargo's Terry Leahy, who served as chair of the PKI Forum Executive Board and now leads the OASIS PKI Member Section Steering Committee, told internetnews.com that moving PKI Forum's activities within OASIS will help members from both organizations as well as serve as a shot in the arm to the market awareness of e-business technologies.

OASIS already hosts an number of activities that address Web services and security including WS-Security, the Security Assertion Markup Language (SAML), the XML Access Control Markup Language (XACML), the Rights Language, the Service Provisioning Markup Language (SPML) and XML Common Biometric Format (XCBF) and the Digital Signature Services (DSS) protocol.

OASIS President and CEO Patrick Gannon told internetnews.com aligning PKI alongside other Web services and e-business security standards at OASIS "makes it easier for every company with a serious stake in the security agenda to be represented and involved in this work."

Going forward, members of PKI Forum will join OASIS and be eligible to contribute to the group's technical work, while existing OASIS members may participate in PKI committee activities without additional membership dues.

In related news, OASIS this week is also set to unleash SAML 1.0, which enables security objects exchange in a standard format.