VeriSign Bows New XML Specs, Services

Banking on the notion that aggregators and merchants will demand greater
security for business transactions, VeriSign Inc. Wednesday unveiled a host
of new XML-based specifications and services.

The giant, best known for creating secure digital certificates, also linked
arms with Microsoft Corp. and webMethods Inc. to set up the XML key
management specification (XKMS), which will enable software developers to
integrate such safeguards as digital signatures and data encryption into
e-commerce applications.

A stripped down version of Standard Generalized Markup Language (SGML),
Extensible Markup Language (XML) is a specification for Web documents that
lets designers to create their own customized tags, allowing complete
interoperability through the definition, transmission, validation and
interpretation of data between applications and between organizations.

On the services side, now developers, vendors and service providers — just
about anyone looking to conduct safe business on the Web — will benefit
from a slew of online authentication, authorization, digital signature,
encryption and payment services, courtesy of VeriSign.

Specifications of the initiative include:

  • Provisioning of Web identity services: To assist domain name registrars
    and others in accessing VeriSigns global registry data faster, VeriSign has
    developed the Extensible Provisioning Protocol (EPP) to support an XML-based
    management utility for vendors of online identity services. EPP will enable
    VeriSigns accredited registrar partners to sell domain names, telephone
    numbers and future identification assets.

  • Authorization across e-business platforms with S2ML: VeriSign is
    working with multiple partners, including Netegrity, to develop S2ML, a
    common language for sharing authentication and authorization services
    through XML documents, which will of course be compatible with XKMS

  • Payment specifications for B2B and B2C applications: VeriSigns XML Pay
    is an XML specification for payment requests and responses in a Web-based
    payment transaction environment

XML Pay, no doubt sculpted with the help of business-to-business integrator
webMethods, appeals to commerce workers such as Ariba Inc.’s Director of
Commerce Services, Randy Joss.

“Buyers and sellers within an exchange are looking for solutions to automate
and process their purchase orders online to increase the efficiency of
fulfilling orders,” said Joss. “XML Pay offers Ariba a flexible interface to
the VeriSign payment gateway to tightly integrate payment processing into
our solutions.”

As for the new XKMS specs, which Microsoft will bundle into its .NET
strategy, the parent firms see it as a revolution of sorts.

Currently, developers who want to use digital certificates and signatures
must purchase toolkits from a Public Key Infrastructure (PKI) software
vendor, such as Baltimore Technologies Inc. And these only interoperate with
that vendors PKI offerings.

With the new XKMS specification, authentication functions instead reside in
servers that can be accessed via XML transactions. The XKMS architecture,
along with the recently drafted XML digital signature standards and the
emerging XML encryption standard, provides a complete framework for ensuring
broad interoperability across applications.

“RSA Security applauds the announcement of XKMS, which should help reduce
the complexity of PKI implementation by moving key management to a trusted
server,” said John Adams, chief technology officer for RSA Security Inc.

XKMS specs are available here.

News Around the Web