OASIS Committee Standardizes Use of Biometric Identity Assurance in Web Services and SOA; Booz Allen Hamilton, NIST, Raining Data, Raytheon, Sun Microsystems and Others Collaborate to Apply INCITS Biometric Framework for XML.BOSTON -- Members of the OASIS international standards consortium are developing a standard for invoking biometrics-based identity assurance using Web services and service oriented architectures (SOA). The new OASIS Biometric Identity Assurance Services (BIAS) Integration Technical Committee will complement the efforts of the InterNational Committee for Information Technology Standards The International Committee for Information Technology Standards, or INCITS (pronounced "insights" [1]), is an ANSI-accredited forum of IT developers. It was formerly known as the X3 and NCITS. (INCITS INCITS INternational Committee for Information Technology Standards ), a standards development organization accredited accredited recognition by an appropriate authority that the performance of a particular institution has satisfied a prestated set of criteria. accredited herds cattle herds which have achieved a low level of reactors to, e.g. by the American National Standards Institute See ANSI. (body, standard) American National Standards Institute - (ANSI) The private, non-profit organisation (501(c)3) responsible for approving US standards in many areas, including computers and communications. ANSI is a member of ISO. (ANSI (American National Standards Institute, New York, www.ansi.org) A membership organization founded in 1918 that coordinates the development of U.S. voluntary national standards in both the private and public sectors. It is the U.S. member body to ISO and IEC. ). Where INCITS is working to define the taxonomy of functions that form a framework for deploying identity assurance in the biometrics and security industries, OASIS will define the methods and bindings by which that framework can be used within XML-based transactional services. The two companion standards are expected to reference one another. "We expect that the INCITS and OASIS initiatives will inform and improve on one another," noted Karen Higgenbottom, chair of the INCITS executive board, which also serves as ANSI's Technical Advisory Group for ISO/IEC ISO/IEC International Organization for Standardization/International Electrotechnical Commission (ITU-T M 3000) Joint Technical Committee 1. "BIAS should significantly increase the opportunities for implementing biometric functions in XML-based systems. Likewise, current SOA methods for exchanging information and transactions data may provide useful parameters and patterns for the broader application of BIAS data in the security industry." "Biometric systems are becoming more complex as they are integrated into larger identity management and credentialing systems," observed Catherine Tilton of Daon, chair of the OASIS BIAS Integration Technical Committee. "At the same time, there is a growing need for data sharing and reuse of resources and services within and across organizations. Today, custom built, proprietary solutions are the only option. The availability of a standard biometric services interface will allow systems to be implemented on an open architecture and provide users with greater choice in products and services." "This project represents complementary development efforts between OASIS and INCITS, and we hope it will serve as a model for future collaboration," stated James Bryce Clark, director of standards development at OASIS. "It offers a compelling opportunity for existing SOA and XML security technologies to more broadly consume biometric technologies." The new committee members foresee their work leveraging a variety of security, Web services, and SOA standards developed at OASIS, including WS-Security. In addition, vertical industry efforts that require secure identification and authentication may make use of the BIAS effort. It may also influence work produced by other standards bodies, biometrics research groups, SOA architects, vendors and users. The OASIS BIAS Integration Technical Committee will operate under Royalty Free on Limited Terms mode, as defined by the OASIS Intellectual Property Rights Policy. Participation in the Committee remains open to all companies, non-profit groups, governments, and individuals. As with all OASIS projects, archives of the Committee's work will be accessible to both members and non-members, and OASIS will host an open mail list for public comment. Support for BIAS Booz Allen Hamilton Booz Allen Hamilton, Inc., referred to as Booz Allen is one of the oldest strategy consulting firms in the world.[1] The firm formerly had two consulting divisions: WCB (Worldwide Commercial Business, also known as “The Commercial Side”) and WTB "Booz Allen Hamilton is proud to sponsor and participate in the development of BIAS. This new standard will enhance biometric web services interoperability The Web Services Interoperability Organization (WS-I) is an industry consortium chartered to promote interoperability amongst the stack of web services specifications. ," said Don Waymire, Senior Associate at Booz Allen Hamilton. "Booz Allen's participation in BIAS is in keeping with our commitment to support biometric standards development and open system architectures." Sun Microsystems "Sun is proud to participate on the OASIS BIAS team working on open standards for biometric use that will give organizations new choices for open and strong authentication. Whether used to replace simple passwords or add additional mechanisms, products based upon these biometric standards will enable organizations to achieve greater security through the use of open, community-driven standards," said Edward Clay, security architect, Client Solutions Global Security Team at Sun. About OASIS OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL AVDL Application Vulnerability Description Language , BCM, CAP, DITA, DocBook, DSML (Directory Services Markup Language) A set of XML tags that defines the contents of a directory. Developed by Bowstreet, Inc., Tewksbury, MA (www.bowstreet. , ebXML CPPA CPPA Collaboration Protocol Profile and Agreement (Oasis) CPPA Child Pornography Prevention Act of 1996 CPPA Canadian Pulp & Paper Association CPPA Corrugated Polyethylene Pipe Association , ebXML Messaging, ebXML Registry, EDXL-DE, EML, OpenDocument, SAML (Security Assertion Markup Language) An XML-based format from OASIS for exchanging security information for single sign-on. The "assertions" are statements from a SAML authority that authenticate a user, confirm some attribute about the individual and grant or , SPML, UBL, UDDI, WSDM, WS-Reliability, WSRF, WSRP, WS-Security, XACML (EXtensible Access Control Markup Language) An OASIS standard for managing access control policy. Released in 2003 and based on XML, the Sun-developed XACML was designed to become a universal standard for describing who has access to which resources. , XCBF, and XML Catalogs. http://www.oasis-open.org Additional information OASIS BIAS Integration Technical Committee http://www.oasis-open.org/committees/bias/ BIAS FAQ http://www.oasis-open.org/committees/bias/faq.php/ INCITS http://www.incits.org |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion