RealTime IT News

VeriSign Bows New XML Specs, Services

Banking on the notion that aggregators and merchants will demand greater security for business transactions, VeriSign Inc. Wednesday unveiled a host of new XML-based specifications and services.

The giant, best known for creating secure digital certificates, also linked arms with Microsoft Corp. and webMethods Inc. to set up the XML key management specification (XKMS), which will enable software developers to integrate such safeguards as digital signatures and data encryption into e-commerce applications.

A stripped down version of Standard Generalized Markup Language (SGML), Extensible Markup Language (XML) is a specification for Web documents that lets designers to create their own customized tags, allowing complete interoperability through the definition, transmission, validation and interpretation of data between applications and between organizations.

On the services side, now developers, vendors and service providers -- just about anyone looking to conduct safe business on the Web -- will benefit from a slew of online authentication, authorization, digital signature, encryption and payment services, courtesy of VeriSign.

Specifications of the initiative include:

  • Provisioning of Web identity services: To assist domain name registrars and others in accessing VeriSigns global registry data faster, VeriSign has developed the Extensible Provisioning Protocol (EPP) to support an XML-based management utility for vendors of online identity services. EPP will enable VeriSigns accredited registrar partners to sell domain names, telephone numbers and future identification assets.
  • Authorization across e-business platforms with S2ML: VeriSign is working with multiple partners, including Netegrity, to develop S2ML, a common language for sharing authentication and authorization services through XML documents, which will of course be compatible with XKMS
  • Payment specifications for B2B and B2C applications: VeriSigns XML Pay is an XML specification for payment requests and responses in a Web-based payment transaction environment

XML Pay, no doubt sculpted with the help of business-to-business integrator webMethods, appeals to commerce workers such as Ariba Inc.'s Director of Commerce Services, Randy Joss.

"Buyers and sellers within an exchange are looking for solutions to automate and process their purchase orders online to increase the efficiency of fulfilling orders," said Joss. "XML Pay offers Ariba a flexible interface to the VeriSign payment gateway to tightly integrate payment processing into our solutions."

As for the new XKMS specs, which Microsoft will bundle into its .NET strategy, the parent firms see it as a revolution of sorts.

Currently, developers who want to use digital certificates and signatures must purchase toolkits from a Public Key Infrastructure (PKI) software vendor, such as Baltimore Technologies Inc. And these only interoperate with that vendors PKI offerings.

With the new XKMS specification, authentication functions instead reside in servers that can be accessed via XML transactions. The XKMS architecture, along with the recently drafted XML digital signature standards and the emerging XML encryption standard, provides a complete framework for ensuring broad interoperability across applications.

"RSA Security applauds the announcement of XKMS, which should help reduce the complexity of PKI implementation by moving key management to a trusted server," said John Adams, chief technology officer for RSA Security Inc.

XKMS specs are available here.