Booz Allen Hamilton, US National Institutes of Health (NIH), US National Institute of Standards and Technology (NIST), US Department of Defense (DoD) and Others Advance Profile for Verifying Biometrics Identity in an SOA Framework
15 August 2012 – Members of the OASIS international standards consortium have approved the Biometric Identity Assurance Services (BIAS) SOAP Profile as an OASIS Standard, a status that signifies the highest level of ratification. The BIAS SOAP Profile defines a method for performing biometric operations within a Services Oriented Architecture (SOA) using XML and SOAP Web services messaging.
The BIAS SOAP Profile is a specific implementation (or binding) of ANSI INCITS 442-2010. The INCITS standard defines the requirements for BIAS operations and data elements which can be implemented using any encoding scheme or messaging protocol, whereas the OASIS standard defines a conformant implementation. These SOAP-based services enable a software application (requester) to invoke biometric identity assurance operations provided by a local or remote BIAS service provider (responder).
“Biometric systems are becoming more complex as they are integrated into larger identity management and credentialing systems. They are increasingly being used in large-scale systems built on an SOA,” explained Kevin Mangold of the US NIST, co-chair of the OASIS BIAS Integration Technical Committee. “In these environments, the BIAS SOAP Profile makes it possible for data to be shared and resources and services to be reused within and across organizations.”
“We are excited to achieve the milestone of becoming an official OASIS Standard,” said Catherine Tilton of Daon, co-chair of the OASIS BIAS Integration Technical Committee. “The BIAS SOAP Profile is much needed for facilitating service-based communication between heterogeneous biometric systems and subsystems. We look forward to BIAS being widely adopted within a variety of applications.”
To aid in the development of operational BIAS implementations, the US NIST has developed a basic reference implementation of the OASIS BIAS specification, implementing all of its major biometric capabilities (i.e., enroll/verify/identify). The provided source contains a cross-language solution comprising a standalone Web service (VB.NET) and client (Adobe Flex). This implementation is freely available for download.
BIAS is intended to be used in open systems alongside related standards such as the Web services for Biometric Devices (WS-BD) from US NIST. WS-BD handles the biometric capture device interface (front-end functionality), while BIAS addresses the backend biometric services.
Participation in the OASIS BIAS Integration Technical Committee is open to all interested parties. Archives of the Committees’ work are accessible to both members and non-members, and OASIS invites public review and comment. Going forward, the Committee intends to broaden its scope, potentially to include a BIAS REST Profile.
OASIS BIAS Integration Technical Committee
OASIS is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for identity, security, cloud computing, business transactions, Smart Grid, content management, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries.
OASIS Senior Director