Second-Generation PKI Standard
VeriSign, Microsoft & webMethods, Joined by Baltimore Technologies, HP, IBM, IONA, PureEdge and Reuters, Announce Industry Support for Second-Generation PKI Standard
XKMS Specification Acknowledged by World Wide Web Consortium (W3C), Paving the Way for Interoperability of PKI Solutions, Digital Signatures and Encryption
San Francisco, CA, USA. [RSA Conference.] April 10, 2001.
VeriSign, Inc., the leading provider of Internet trust services, Microsoft Corp. and webMethods, Inc. today announced wide industry support of their jointly developed XML key management specification (XKMS), a key enabler to second-generation Public Key Infrastructure (PKI) services. Baltimore Technologies, Hewlett-Packard Company, International Business Machines Corp., IONA, PureEdge Solutions, and Reuters Limited joined VeriSign, Microsoft and webMethods in submitting the specification to the World Wide Web Consortium (W3C). Additional supporters of the XKMS specification include Entrust Technologies, RSA Security and Science Applications International Corporation. The W3C recently acknowledged the submission, which will be presented at the upcoming W3C Web Services Workshop, April 11-12. The XKMS specification makes it easy for enterprises and developers to integrate advanced PKI technologies such as digital signature handling and encryption into e-commerce applications, and also ensures interoperability of varying PKI solutions.
"The groundswell of industry support for the XKMS specification shows that PKI has entered the next generation," said Stratton Sclavos, president and CEO of VeriSign. "By moving complexity to the infrastructure, it will now be much easier for enterprises to deploy a far broader range of Internet applications while leveraging a globally-interoperable trust infrastructure which mirrors the physical world."
"Web Services are transforming every corner of high-tech computing, redefining the possibilities for end users and the business opportunities for enterprises. This transformation hinges on the public standardization of core XML technologies, and security standards are at the top of that list," said Blair Dillaway, security software architect at Microsoft Corp. "The XKMS-defined trust services provide key functionality needed for building secure, interoperable, e-commerce solutions."
The XKMS specification revolutionizes the development of trusted applications by introducing an open framework that enables virtually any developer to easily incorporate trust services directly into the application. Currently, developers must enable desktop and e-commerce applications to handle digital keys for authentication and digital signatures via the use of toolkits offered by a range of software vendors. Functions such as digital certificate processing, revocation status checking and certification path location and validation do not always interoperate with all vendors' PKI offerings. With the new XKMS specification, those functions instead reside in servers that can be accessed via easily programmed XML messages.
"We are very excited about the XKMS framework and the response we've had from our member financial institutions," said Dave Oshman, Senior VP, Technology of Identrus. "VeriSign has helped solve a key technical issue for merchants that will speed use of digital certificates and ultimately improve return on investment for market participants and service providers."
As organizations continue to expand use of the Internet for business-critical applications such as supply chain management and enterprise resource planning they require the ability to secure these applications using digital credentials within an open and interoperable framework. By deploying applications within the XKMS framework, enterprises can gain broad interoperability, rapid time-to-market, significant cost savings, and scalability across intranet, extranet, and Internet commerce applications - benefits unattainable with proprietary PKI software. XKMS is compatible with the emerging standard for XML digital signatures. Designed to be implemented as a Web service, XKMS is built upon Web Services Description Language (WSDL) and Simple Object Access Protocol (SOAP). It is anticipated that future versions of the XKMS specification will be compatible with XML encryption and XML protocol.
"As an open framework for the XML-based trust services architecture, XKMS will enable trust through stronger authentication and will ultimately help deliver XML's promise of expanded e-commerce across the board - thus making integration technology faster and easier to deploy, as well as making large industrial exchanges more manageable," said Jeremy Epstein, Director of Product Security and Performance, webMethods, Inc.
"For enterprise customers to truly conduct high-value transactions, the handling of digital keys for online authentication, digital signatures and data encryption must be simple to integrate and must interoperate across a broad range of enterprise applications," said Warwick Ford, Chief Technology Officer for VeriSign.
Interoperable Specification Receives Broad Industry Support
"Driven by both federal standards and a need for greater efficiency, the healthcare industry is moving rapidly toward electronic business processes, and public-key technology is a critical enabler for authentication, digital signatures, and transaction protection. As a systems integrator, SAIC is intimately familiar with the importance of standards such as XKMS to facilitate integration, interoperability, and scalability across multiple enterprises," said Dixie Baker, VP and Chief Technology Officer of the Health and Enterprise Solutions Sectors at SAIC.
"Baltimore welcomes the proposed adoption of the XKMS specification as an additional and simpler way to access PKI services," said John O'Sullivan, Executive Vice President of Engineering at Baltimore Technologies. "XKMS complements existing standards such as the on-going SAML work in OASIS and W3C's XML digital signature standard. We see XKMS as providing one of the key components for the future development of a wide range of e-security products and services."
"CIOs of Canadian Banks can now focus on selecting the PKI solution that best integrates with their current applications, knowing that XKMS will provide the means to seamlessly conduct high value electronic transactions between any other banks in Canada, through the Internet, independent of anyone's PKI vendor." said Mario Morel, Chief Technology Officer for CIBC, a VeriSign Canadian Affiliate.
"Entrust is pleased to participate in the announcement of the World Wide Web Consortium's acceptance of the XKMS specification as an open standard for XML-based trust services," said Brian O'Higgins, founder, executive vice president and CTO, Entrust Technologies. "XKMS will simplify the integration of digital signatures and data encryption into e-commerce applications. The specification is a natural complement to our complete range of Trust Relationship Management software and managed services, which address security requirements across all types of Web services transactions."
Roberto Medrano, general manager, HP Internet Security Division, said, "HP supports the adoption of the XKMS Specification to provide the higher-level application security that customers need to further their service-centric Web commerce in a heterogeneous environment. The wide industry acknowledgement of the benefits associated with adopting the XKMS specification will enable pervasive development efforts."
"The use of XML for e-business is maturing rapidly and security is an essential part of the standards 'stack' for web services," said Bob Sutor, IBM's Director for e-business Standards Strategy. "XKMS should prove to be an important component of the standards that the industry cooperatively develops to ensure that Internet-based business transactions take place in a secure and reliable way."
"Security is the top concern among customers who are looking to develop and publish web services, including business process interactions across the Internet," said Eric Newcomer, Web Services Architect at IONA. "As the industry's only provider of true Total Business Integration, IONA is pleased to support XKMS as a key component of the solution to this concern."
"As a company that has been committed to the development of secure XML standards for nearly three years, PureEdge is pleased to participate in the XKMS effort," said David Manning, PureEdge CTO. "XKMS is an important e-commerce advancement that will foster the development of secure XML applications and bring the power of PKI to a broader range of organizations worldwide."
"XMKS provides a sound framework for the provision of interoperable, trusted Web-based financial products and services," said Mark Curtis, Research and Standards Group, Reuters Chief Technology Office.
"RSA Security fully supports the XKMS specifications, as this open framework will allow developers to embed strong and reliable data security, integrity and authentication features within their e-commerce applications," said Bill McQuaide, vice president of product marketing at RSA Security Inc. "Based on XML and promoting the interoperability of advanced technologies, XKMS enables B2B and B2C applications to function reliably in a public key infrastructure (PKI) environment."
VeriSign, Inc. is the leading provider of trusted infrastructure services to web sites, enterprises, electronic commerce service providers and individuals. The company's domain name, digital certificate and payment services provide the critical web identity, authentication and transaction infrastructure that online businesses require to conduct secure e-commerce and communications. VeriSign's services are available through its Web site (www.verisign.com) or through its direct sales force and reseller partners around the world.
Founded in 1975, Microsoft is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software - any time, any place and on any device.
webMethods, Inc. is the leading provider of integration software solutions for Global 2000 corporations, major B2B exchanges and leading software application vendors. The webMethods integration platform allows customers to achieve quantifiable R.O.I. by linking business processes, enterprise and legacy applications, databases and workflows both within and across enterprises. By deploying the webMethods integration platform, customers reduce costs, create new revenue opportunities, strengthen relationships with customers, substantially increase supply chain efficiencies and streamline internal business processes.
Founded in 1996, webMethods is headquartered in Fairfax, Va., with offices throughout the U.S., Europe and Asia Pacific. webMethods has more than 625 customers worldwide-from Global 2000 leaders such as Citibank, Dell, Eastman Chemical, The Ford Motor Company, Grainger, Motorola and Starbucks to major industry-backed exchanges like ForestExpress, eHITEX/Converge and PetroCosm. webMethods' strategic partners include Ariba, Broadvision, Commerce One, Deloitte Consulting, EDS, i2 Technologies, J.D. Edwards, KPMG Consulting, Microsoft, Oracle Corp., SAP AG and Siebel Systems. More information about the company can be found at www.webMethods.com.
Prepared by Robin Cover for The XML Cover Pages archive.