OASIS Members Work to Develop Digital Signature and Timestamping Protocols

Entrust, IONA, NIST, webMethods, TIBCO, Verisign, and Others Collaborate on Security Standard to Accelerate Web Services Deployment

Boston, MA, USA; 24 October 2002 – Members of the OASIS standards consortium have formed a technical committee to develop open XML protocols for digital signature and cryptographic timestamping services operating in a Web services context. The work of the new OASIS Digital Signature Services Technical Committee will enable Web services to produce and verify digital signatures and provide techniques for proving that a given signature was created within its private key validity period. “Digital signatures and timestamping provide the long-term integrity and accountability that’s necessary for online business transactions,” said Robert Zuccherato of Entrust, chair of the OASIS Digital Signature Services Technical Committee. “Our work at OASIS will allow organizations to determine the parties involved in a transaction and the specific moment in time when a transaction occurred, with the assurance that the transaction has not been altered since it was digitally signed. These are all essential attributes of important business transactions.” Industry analyst, Phil Schacter, VP of Directory and Security Strategies for the Burton Group, agrees, “Commerce between companies and supply chains requires timestamping and signing services from trusted sources to support non-repudiation for high value business transactions. OASIS provides an open standards forum to advance this important aspect of securing Web services.” The work of the OASIS Digital Signature Services Technical Committee complements several Web services security standards currently being developed within OASIS including XACML for access control, SAML for authentication and authorization, and WS-Security for secure Web services. Specifications developed within the World Wide Web Consortium (W3C), including XML Signature and XML Key Management, are also related to this new effort. “This new OASIS technical committee will build on the foundational work that the W3C has accomplished in the area of digital signatures,” explained Karl Best, director of technical operations for OASIS. “Maintaining active liaisons with other initiatives–both internal and external to OASIS–will ensure that the output of this committee will fit well within the ‘big picture’ of security standards.” Participation in the OASIS Digital Signature Services Technical Committee remains open to all organizations and individuals. OASIS will host an open mail list for public comment, and completed work will be freely available to the public without licensing or other fees. Information on joining OASIS can be found on http://www.oasis-open.org/join. Industry Support for OASIS Digital Signature Services “As a sponsor member of OASIS, we are excited about this new technical work, which we feel is essential to the development of Web services security,” said Bill Conner, chairman, president and CEO of Entrust. “We view open, interoperable digital signature and timestamping services as critical components of our recently announced Entrust Secure Transaction Platform.” “Security is one of the major remaining obstacles to the wide-spread adoption of Web services for enterprise integration.” said Eric Newcomer, CTO at IONA. “We are always pleased to see open standards activities make progress on key aspects such as the document confidentiality protection that digital signature services will provide, and are looking forward to working with our fellow members to improve Web services security and promote interoperability.” “This proposal underscores the industry’s efforts to build trust and security into the fabric of Web services infrastructure, which VeriSign considers to be a key hurdle on the road to widespread adoption,” said Dr. Phillip Hallam-Baker, principal scientist and Web Services Security Architect for VeriSign, Inc. “Digital signature technology will play a critical role in helping enterprises deploy trusted Web Services, and VeriSign is fully behind this latest effort by OASIS.” “Web services have become an important component in many companies’ integration strategies, and as Web services proliferate, security must not be ignored,” said Jeremy Epstein, director of product security for webMethods. “We believe the standards emanating from the work of the OASIS Digital Signature Services Technical Committee will play an important role in providing companies with the comfort level they need to promote the mass adoption of Web services.” About OASIS (http://www.oasis-open.org) OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. OASIS has more than 500 corporate and individual members in 100 countries around the world. For more information: Carol Geyer Director of Communications OASIS (www.oasis-open.org) carol.geyer@oasis-open.org +1.978.667.5115 x209