Cover Pages Logo SEARCH
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards

AuthXML Prepares Specification for Submission to Standards Body

Leading Security Vendors, Service Providers, and Enterprises Cooperate on Standard for Secure Web Transactions

AuthXML Working Group Unveils List of 45 Charter Members; Prepares Specification for Submission to Standards Body

San Francisco, CA. December 4, 2000.

The AuthXML Working Group today announced that 45 organizations representing the vendor, service provider, and enterprise communities have joined the open and vendor neutral initiative to help create a standard way to secure Internet-based electronic transactions. The Working Group is finalizing preparations on the AuthXML specification for submission to the World Wide Web Consortium (W3C) and OASIS. Charter members include Access360, Arcot Systems, Argus Systems Group, Authentify, Authentor, BioNetrix, Bowstreet, Brown University, Calendra, Cap Gemini Ernst & Young, CertCo, Check Point Software Technologies, Citrix, Datek Online, Deloitte & Touche LLP, eBenX, Employease, Entact Information Security, Entrust Technologies, Epicentric, Equifax, Internet 2 Project, Keyware Technologies, Mackenzie Financial, McKesson, Novell, Oblix, Outlook Technologies, PricewaterhouseCoopers, ProofSpace, Royal Bank of Scotland, SAIC, Sandhill Systems, Secretariat du Conseil du Tresor, Securant Technologies, Secure Computing, Silverstream, SiteLite, SVi Retail, Thomson Financial, Transport Logistic Centre, University of Western Ontario, Urmet, Valicert, and Wave Systems Corp.

"An open standard for authorization will promote interoperability across web sites in different security domains using disparate web security mechanisms," said Chris King, Program Director, Service Management Strategies, META Group. "If widely adopted and supported - by vendors, service providers, and enterprises - an open standard will enable organizations to pass users and transactions between organizations easily."

The ability of the Internet to support secure electronic transactions that span multiple Web sites and organizations is limited by the fact that each organization has deployed its own separate security systems for performing user authentication and authorization. In order for the Internet to enable seamless yet secure transactions between trading partners, affiliated organizations, and between businesses and consumers, a standard method is required for presenting and maintaining security details as a user or session traverses linked Web sites that are based on disparate technologies, applications and platforms.

AuthXML Working Group Mandate

AuthXML is a vendor-neutral specification that enables the integration of proprietary Web security, network security, B2B infrastructures and applications with individual Internet-based user sessions and transactions. The specification derives its name from the fact that it uses XML and links the two primary components of Web transaction security: Authentication and Authorization. AuthXML is designed to enable the seamless flow of Web-based transactions between trading partner sites that may be using different security systems, and within a given site that may be deploying multiple applications that require integrated security. The goal of the AuthXML Working Group is to achieve a universally accepted standard that enables authentication and authorization functions to be performed across and interoperate with multi-vendor Web security systems, packaged and custom Web applications, and network level security systems - using XML technology.

For more details on AuthXML, or to join the AuthXML Working Group visit

AuthXML Working Group Member Quotes

"Access360 is excited to be taking part in the creation of AuthXML -- the first XML-based standard for Web security. An open standard, AuthXML will help customers and partners move seamlessly between disparate security technologies and platforms. We see this as a tremendously valuable asset for the entire industry."

Mike New, chief marketing officer, Access360. Editorial Contact: Rebecca Levy, 949-450-6400,

"Arcot Systems readily endorses standards that move towards a unified approach to providing secure Internet transactions, and is pleased to support the AuthXML Working Group. We are focused on bringing confidence to Internet transactions by providing strong authentication solutions that are highly scalable and deployable while remaining transparent to the end user. Arcot offers the only digital identity solution that ensures strong authentication while providing the scalability and ease of deployment necessary for Internet and wireless environments."

Jim Reno, vice president of applications development, Arcot Systems, Inc. Editorial Contact: Phil Burton, 408-969-6212,

"To realize the full potential of e-business, organizations must embrace security measures that are not only highly secure, but convenient to end users and uniformly deployed. The AuthXML Working Group has assumed an important charge in developing a standard for secure Internet transactions. I am pleased BioNetrix will be part of this initiative."

Taylor Boon, chief technology officer, BioNetrix. Editorial Contact: Cheryl Bredehoeft, 703-734-9200,

"From our experience in delivering secure solutions, our clients require interoperability of security to support their internal and external user communities. Integrated security is a primary concern of organizations that are required to support multiple applications and platforms for all of their stakeholders including employees, suppliers, customers, and business partners. We believe that AuthXML is a significant step in the right direction by bringing leading security vendors and software vendors together to create and propose an independent, valuable security standard."

Sean Peasley, enterprise risk services principal, Deloitte & Touche 714-241-5102,

"The AuthXML standard could reduce the integration time between Employease and it's partners from weeks to hours, while the session management component of AuthXML will provide Employease with a missing piece in the horizontal integration puzzle."

John Alberg, co-founder & vice president, engineering, Employease. Editorial Contact: Jasen Williams, 404-467-6484,

"The AuthXML Working Group is an important step towards achieving interoperable standards for a full-scale privilege management infrastructure (PMI). PMI interoperability will be crucial to meeting customer demand for Internet security as e-business continues to evolve. Entrust will continue to make a significant commitment to customers by integrating PMI with our award-winning public-key infrastructure (PKI) and authorization solutions. We are pleased to play a founding role in the innovation and vision that the AuthXML Working Group will provide to the industry and to customers."

Alex Berson, vice president and CTO, Portal Technology and Applications, Entrust Technologies. Editorial Contact: Laura Maio, 613-270-3767,

"Epicentric is excited to participate in the AuthXML initiative. As companies create E-Business Networks to reach their employees, customers, and business partners, it is becoming increasingly important to provide standard mechanisms for the integration of authentication and authorization across enterprise applications. Epicentric is committed to XML standards-based approaches like AuthXML to enable integration with other leading E-Business infrastructure vendors."

Kathleen Hayes, vice president of business development, Epicentric. Editorial Contact: Emily Waters, 415-538-7093,

"Keyware is particularly interested in advancing a security standard such as AuthXML, which will support secure Internet-based electronic transactions. Because Keyware offers a variety of electronic commerce security solutions, through a central authentication server, we welcome the chance to bring an e-commerce standard in a direction that will meet with worldwide interoperability standards and work with all authentication technologies such as smart cards, biometrics, PKI, etc."

Veronique Wittebolle, executive vice president, Keyware. Editorial Contact: Elizabeth Marshall, 781-933-1311 ext. 235,

"As the leading provider of Net services software, Novell fully supports initiatives like AuthXML that strive to provide a much needed industry standard for eBusinesses to seamlessly and securely interact with online business partners and supply chains. AuthXML is addressing the lack of standards and interoperability that exist today between vendor solutions. We think it's a step in the right direction, and we will actively participate in leading the initiative through a standards committee."

Bob O'Dell, director of product management, Novell. Editorial Contact: Kim Davilla, 408-967-6527,

"Oblix is highly committed to supporting and advancing industry standards. Customers demand this as they conduct a greater percentage of business over the Internet. We believe that creating an XML based standard for authentication, authorization, and session management will benefit customers' needs for greater interoperability. We are pleased to be one of the members of the group working on AuthXML to make it ready for submission to an open standards body."

Nand Mulchandani, co-founder and vice president of product management, Oblix. Editorial Contact: Erin McCauley, 408-861-6819,

"One of the key challenges facing our clients is the ability to secure transactions and relationships that span internal and external facing systems, including customer, partner and vendor sites, and are based on incompatible technologies. We support the AuthXML initiative to create a single standard that will enable Web transactions to share common security information across proprietary technology platforms. The diverse make up of the AuthXML Working Group is a positive sign and we believe a requirement for any standards effort to succeed."

Gary Loveland, partner, PricewaterhouseCoopers 213-236-3768,

"We are very pleased with the strong show of industry support that the AuthXML initiative has received, as well as the diverse group of organizations who have joined the Working Group. Only by bringing together a true cross section of the industry, including competing vendors, end users, and universities, can we hope to achieve a non-proprietary standard. We are very encouraged by the progress we have made so far and that everyone recognizes a Web transaction security standard is required to move the industry forward. We expect the Working Group will move quickly to ratify the specification and submit it for consideration to the W3C and Oasis."

Eric Olden, chief technology officer, Securant Technologies. Editorial Contact: Marc Gendron, Marc Gendron Public Relations, 781-237-0341,

"Sitelite is delighted to be a charter member of the AuthXML group, and to participate in the development of a universally acceptable standard for authentication and functionality for securing web transactions. In this holiday season of gift buying...we can personally relate to this need for ourselves and for the needs of the Internet in the future."

Jeff Pierick, president and founder, Sitelite. Editorial Contact: Laura Gillespie, 949-635-2460,

Prepared by Robin Cover for The XML Cover Pages archive. See: "AuthXML Standard for Web Security."

Globe Image

Document URL: