Who Are You? Who..Who? Who…Who?

At a time when proving you are who you say you are has perhaps reached its zenith in importance, XML interoperability group OASIS Thursday said it has put together a new technical committee to focus on biometrics.

Boston’s OASIS created the XML Common Biometric Format (XCBF) Technical Committee to provide a standard XML schema for biometrics,
which is a way to describe information that verifies identity based on human characteristics such as DNA, fingerprints, iris scans,
and hand geometry. XCBF will be used in biometric applications that measure attendance, grant access control to documents or other
resources, and facilitate non-repudiation in commerce.

Phillip H. Griffin of Griffin Consulting, chair of the OASIS XCBF Technical Committee, said biometrics serves to prove “what you
are” to replace “what you know” details, such as PIN numbers.

“Existing biometric standards use binary encoding formats, which severely limit their use in XML systems and applications. XCBF will
provide a standard way for biometric functions to be done using XML,” Griffin said. “”Clearly 9/11 has made the necessity of secure, interoperable biometric solutions a high priority. But all of the pieces of XCBF have been coming together for some time. The final part needed, the ISO/IEC and ITU-T ASN.1 XML Encoding Rules
(XER) is now under final ballot.”

Lest it sound too much like something out of a James Bond film, market research firm vouched for biometrics in a December 2001
study, which said the practice of more accurate identification with hardware and software authentication is undergoing
metamorphosis. Of course, the tragic events of Sept. 11 weigh heavily on these changes.

“Software platforms that support a heterogeneous mix of biometrics, tokens, and smart cards promise to boost security, reduce cost,
and improve convenience,” said Chris Christiansen, program vice president of IDCs Internet Infrastructure and Security Software
services. “Simultaneously, physical security and surveillance technologies are coalescing with both hardware and software
authentication technologies. The events of September 11 only served to accelerate these market trends.”

IDC said firms will use multiple authentication methods, including biometric hardware and software solutions, to ensure a an
individual’s identity. As for market figures, IDC said the worldwide biometrics market touched on $118.8 million in 2000 and will
continue to increase over the next five years at a compound annual growth rate of 50 percent.

As for the infant group XCBF, it’s goal is to define a set of XML encodings for the Common Biometric Exchange File Format (CBEFF),
which describes data necessary to support biometrics in a standard way. Universal Definitions will allow biometric data to be
validated and exchanged without ambiguity. CBEFF is a draft of the American National Standards Institute (ANSI), maintained by the
National Institute of Standards Technology (NIST).

“What’s critically important is that XCBF meets the American National Standard X9.84 security requirements regarding the
authenticity and integrity of biometric data,” said Jeff Stapleton of KPMG LLP, chair of the X9F4 working group of the X9 Accredited
Standards Committee (ASC) of ANSI. By basing this XML work on the schema and security mechanisms defined in X9.84, it should be
possible for XCBF to meet these requirements.”

OASIS, whose ultimate goal is to carve out XML-based standards to smooth e-business, has announced a phalanx of technical committees in recent months, including one for Web services, one for a universal business language and one for http://www.internetnews.com/dev-news/article/0,,10_974381,00.html”>knowledge management and geography.

News Around the Web