OASIS Members Form Technical Committee to Advance PKI Adoption for Secure Transactions

Baltimore Technologies, Computer Associates, Entrust, KPMG, Neucom, RSA Security, Sun Microsystems, VeriSign, Wells Fargo, and Others Work to Facilitate Interoperability of Foundational Security Standard

Boston, MA, USA; 7 January 2003 — The OASIS standards consortium has organized a new technical committee to advance adoption of the Public-Key Infrastructure (PKI) for Web services and other applications. PKI serves as a foundation to enable secure e-business transactions. The new technical committee has been created within the OASIS PKI Member Section, a group formed as a result of the recent transition of the advocacy group, PKI Forum, to OASIS. The OASIS PKI Technical Committee will serve as a global information resource for PKI. It will work to increase awareness of digital certificates as an important component for managing access to network resources, delivering secured electronic messages and conducting electronic transactions. Deliverables from the committee will include white papers, implementation guidelines, and conformance tests to promote the adoption of the PKI technology. “We want to address the issues behind the successful deployment of digital certificates to meet business and security requirements. Our collaboration will focus on overcoming technical and integration challenges and promoting greater interoperability,” explained Terry Leahy of Wells Fargo, chair of the new OASIS PKI Technical Committee. “The OASIS PKI Technical Committee will serve as a community forum for exchanging information on using PKI and digital certificates in application-focused standards and projects, and as a mechanism for the creation of documents related to the implementation of PKI internationally.” PKI serves as a foundation for other Web services standards, and the new technical committee joins the growing body of security specifications being developed within OASIS, such as WS-Security, the Security Assertion Markup Language (SAML), the XML Access Control Markup Language (XACML), the Rights Language, the Service Provisioning Markup Language (SPML) and XML Common Biometric Format (XCBF) and the Digital Signature Services (DSS) protocol. “PKI and digital certificates have become key components of identity-related security services,” said John Sabo of Computer Associates, vice chair of the OASIS PKI Technical Committee. “We expect the Technical Committee to cover a broad range of business and technical issues and address the practical use of PKI in support of high trust applications on the Web and in other networked environments.” Participation in the OASIS PKI Technical Committee remains open to all organizations and individuals. OASIS will host an open mail list for public comment, and completed work will be freely available to the public without licensing or other fees. Information on joining OASIS can be found on http://www.oasis-open.org/join. Industry Support for PKI “As a transparent technology integrated into a total identity management system, PKI will be a key enabling technology for the use of Web services and other software technologies in high-trust application environments,” said Ron Moritz, senior vice president for eTrust security solutions at Computer Associates. “Computer Associates strongly supports the work of the OASIS PKI Technical Committee and looks forward to working closely with the other committee participants to ensure the effectiveness of next-generation PKI implementations.” “DataPower believes that the demand for more robust and efficient methods of verifying user identity and protecting sensitive information across Web service applications becomes ever more critical as XML-based messaging continues to proliferate,” says Eugene Kuznetsov, founder, president and CTO at DataPower Technology Inc. “PKI is the security infrastructure and the framework for managing keys and digital certificates; DataPower wholly supports the new OASIS PKI Technical Committee as it addresses the industry’s need for successful deployment of digital certificates and the technical and interoperability issues around that.” “As a market-leader in public-key infrastructure, Entrust is pleased to be able to contribute its expertise as a member of the new OASIS PKI Technical Committee,” said Brian O’Higgins, chief technology officer, Entrust, Inc. “We plan to leverage our 10-year history in deploying PKI to customers worldwide to help the new committee successfully reach its goals of providing an international forum for sharing best practices and driving further deployments and interoperability.” “Digital certificates are of growing importance worldwide, as organizations focus on lowering both cost and risk for expanded e-business initiatives,” said Bill McQuaide, senior vice president, Authentication division at RSA Security. “As a leader in a wide range of standards activities across many standards groups, RSA Security is pleased to continue to support PKI-related activities under the new OASIS structure.” “The creation of this group couldn’t come at a better time,” said Dr. Phillip Hallam Baker, Principal Scientist and Web Services Security Architect at VeriSign, Inc. “The industry has now recognized the need to integrate trust and security into Web Services infrastructure, and it clearly makes sense to embrace PKI as a cornerstone of those efforts.” About OASIS (http://www.oasis-open.org) OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. OASIS has more than 600 corporate and individual members in 100 countries around the world. For more information: Carol Geyer Director of Communications OASIS (www.oasis-open.org) carol.geyer@oasis-open.org +1.978.667.5115 x209