Press Release

OASIS Committee Standardizes Use of Biometric Identity Assurance in Web Services and SOA

Booz Allen Hamilton, NIST, Raining Data, Raytheon, Sun Microsystems and Others Collaborate to Apply INCITS Biometric Framework for XML

Boston, MA, USA; 28 June 2006 – Members of the OASIS international standards consortium are developing a standard for invoking biometrics-based identity assurance using Web services and service oriented architectures (SOA). The new OASIS Biometric Identity Assurance Services (BIAS) Integration Technical Committee will complement the efforts of the InterNational Committee for Information Technology Standards (INCITS), a standards development organization accredited by the American National Standards Institute (ANSI). Where INCITS is working to define the taxonomy of functions that form a framework for deploying identity assurance in the biometrics and security industries, OASIS will define the methods and bindings by which that framework can be used within XML-based transactional services. The two companion standards are expected to reference one another. “We expect that the INCITS and OASIS initiatives will inform and improve on one another,” noted Karen Higgenbottom, chair of the INCITS executive board, which also serves as ANSI’s Technical Advisory Group for ISO/IEC Joint Technical Committee 1. “BIAS should significantly increase the opportunities for implementing biometric functions in XML-based systems. Likewise, current SOA methods for exchanging information and transactions data may provide useful parameters and patterns for the broader application of BIAS data in the security industry.” “Biometric systems are becoming more complex as they are integrated into larger identity management and credentialing systems,” observed Catherine Tilton of Daon, chair of the OASIS BIAS Integration Technical Committee. “At the same time, there is a growing need for data sharing and reuse of resources and services within and across organizations. Today, custom built, proprietary solutions are the only option. The availability of a standard biometric services interface will allow systems to be implemented on an open architecture and provide users with greater choice in products and services.” “This project represents complementary development efforts between OASIS and INCITS, and we hope it will serve as a model for future collaboration,” stated James Bryce Clark, director of standards development at OASIS. “It offers a compelling opportunity for existing SOA and XML security technologies to more broadly consume biometric technologies.” The new committee members foresee their work leveraging a variety of security, Web services, and SOA standards developed at OASIS, including WS-Security. In addition, vertical industry efforts that require secure identification and authentication may make use of the BIAS effort. It may also influence work produced by other standards bodies, biometrics research groups, SOA architects, vendors and users. The OASIS BIAS Integration Technical Committee will operate under Royalty Free on Limited Terms mode, as defined by the OASIS Intellectual Property Rights Policy. Participation in the Committee remains open to all companies, non-profit groups, governments, and individuals. As with all OASIS projects, archives of the Committee’s work will be accessible to both members and non-members, and OASIS will host an open mail list for public comment. Support for BIAS Booz Allen Hamilton “Booz Allen Hamilton is proud to sponsor and participate in the development of BIAS. This new standard will enhance biometric web services interoperability,” said Don Waymire, Senior Associate at Booz Allen Hamilton. “Booz Allen’s participation in BIAS is in keeping with our commitment to support biometric standards development and open system architectures.” Sun Microsystems “Sun is proud to participate on the OASIS BIAS team working on open standards for biometric use that will give organizations new choices for open and strong authentication. Whether used to replace simple passwords or add additional mechanisms, products based upon these biometric standards will enable organizations to achieve greater security through the use of open, community-driven standards,” said Edward Clay, security architect, Client Solutions Global Security Team at Sun. About OASIS: OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, BCM, CAP, DITA, DocBook, DSML, ebXML CPPA, ebXML Messaging, ebXML Registry, EDXL-DE, EML, OpenDocument, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRF, WSRP, WS-Security, XACML, XCBF, and XML Catalogs. OASIS Press contact: Carol Geyer Director of Communications, OASIS +1.978.667.5115 x209