OASIS has announced the expansion of its Member Section Program to include the PKI Forum. The newest OASIS Member Section, PKI Forum "will continue to advance the use of the Public-Key Infrastructure (PKI) as a foundation for secure transactions in e-business and Web services applications. As a security advocacy group, the PKI Forum brings technology and service providers, integrators and end-users together to accelerate the adoption and use of PKI applications, digital certificates and other real world solutions, as well as to facilitate interoperability through multi-vendor testing of industry standards and educational outreach. Established in 1999, PKI Forum serves as a global information resource for PKI and advocates cooperation and market awareness enabling organizations to understand and exploit the value of PKI in applications relevant to their businesses. Under the new organizational structure, members of PKI Forum will join OASIS and be eligible to contribute to all OASIS technical work. Existing OASIS members will have the option to participate in PKI committee activities without additional membership dues. PKI committees will be formed and operate under the OASIS technical process. The PKI Forum Executive Board will continue to guide the alliance as the OASIS PKI Member Section Steering Committee. Members include Derek Brink of RSA Security, Peter Doyle of Baltimore Technologies, John Sabo of Computer Associates, Mitch Arnone of Schlumberger Network Solutions, Patrick Gen Kanaishi of Neucom, Terry Leahy of Wells Fargo, and Jeff Stapleton of KPMG."
From the announcement "OASIS Expands to Include PKI Forum. Security Alliance Moves Adoption Agenda to International Consortium":
The OASIS PKI Member Section joins a growing list of OASIS activities that address Web services and security including WS-Security, the Security Assertion Markup Language (SAML), the XML Access Control Markup Language (XACML), the Rights Language, the Service Provisioning Markup Language (SPML), XML Common Biometric Format (XCBF), and the Digital Signature Services (DSS) protocol.
"Since much new standards and application development activity is in the world of XML-related standards, and since it is vital for PKI to become integrated into applications, this move makes sense. The synergies among the groups within OASIS should help PKI move to the next phase as an unseen but foundational part of the infrastructure," said Victor S. Wheatman, Vice President and Research Area Director for Gartner, Inc.
"OASIS advances the adoption of today's most important Web services security standards. PKI is an important foundation for those standards, and it makes perfect sense for PKI Forum to be part of the consortium," noted Terry Leahy of Wells Fargo, who served as chair of the PKI Forum Executive Board and now leads the OASIS PKI Member Section Steering Committee. Leahy added that moving PKI Forum's activities within OASIS will benefit members from both organizations as well as increase market awareness of all the e-business enabling technologies.
"Coordination and interoperability between the various security standards are key factors for the success of Web services," said Patrick Gannon, president and CEO of OASIS. "Advancing the adoption of PKI alongside other Web services and e-business security standards at OASIS makes it easier for every company with a serious stake in the security agenda to be represented and involved in this work."
OASIS will host open mail lists for public comment on PKI Forum activities, and completed work will be freely available to the public without licensing or other fees.
Principal references:
- Announcement 2002-11-04: "OASIS Expands to Include PKI Forum. Security Alliance Moves Adoption Agenda to International Consortium."
- PKI Resources
- OASIS PKI Member Section FAQ document
- PKI Forum Whitepapers and Notes
- OASIS PKI Member Section website
- PKI Members mailing list archive
- PKI comment mailing list archive
- PKI Steering Committee mailing list archive
- PKI Forum Business WG mailing list archive
- PKI Forum Technical WG mailing list archive
- See: XML and Security
- Press:
"OASIS Steps Up Security Agenda." By Brian Fonseca. In InfoWorld (November 04, 2002). "OASIS is on tap to execute two high-profile moves this week that should bolster the standards consortium's growing influence within the nascent Web services security realm. On Monday [2002-11-04], OASIS announced that it has expanded its organization to include the PKI Forum as its newest Member Section. In addition, OASIS could officially ratify the first version of SAML (Secure Access Markup Language) as early as Wednesday, accelerating adoption and cross-industry use of the authentication and authorization protocol, according to OASIS officials. The marriage between OASIS and the three-year-old PKI Forum security advocacy group will allow OASIS to concentrate future development into the use of PKI as a vital and trusted cog to enable secure e-business transactions involving Web services applications, said Patrick Gannon, president and CEO of OASIS. 'We think by OASIS providing a home [for PKI Forum] it will increase confidence for organizations and companies in the deployment of PKI,' said Gannon. 'It will provide a way for people to view a more seamless adoption of PKI infrastructure and how that fits within the expanding e-business and Web services world.' Dogged by complexity, integration difficulties, and user apathy, PKI -- and vendors such as Entrust, RSA, and Baltimore Technologies that have championed the technology -- have discovered the buyer market to be unkind thus far. However, security experts see future promise for PKI by the assertion signing and management challenges Web services will pose. 'Most of these XML-based security protocols being developed [for Web services] talk about encryption, signing [and] assertions,' said Gerry Gabel, analyst at The Burton Group, in Salt Lake City. 'This cries out for team management and there may be a role for PKI to step out and actually provide value there... However, Gabel said it remains to be seen if the security provider community can pull off the Herculean task of making customers forget about the failed history or shelf-ware remnants of PKI. To find success, he notes, PKI must be woven into the background of customers' security operations where they wouldn't have to install a certificate authority into a directory or have to create a certificate authority, or install any form of client software but rather have it bundled in with a larger security or application offer According to Gannon, members of the PKI Forum gain OASIS membership status and are eligible to contribute to technical work being done within the standards consortium. In turn, OASIS members can actively participate in PKI committee work..."
"OASIS Adds PKI Forum to Security Arsenal." By Clint Boulton. From InternetNews.com (November 4, 2002). "With security at a premium -- especially for Web services -- e-business standards group OASIS moved to bolster its ability to create safer specifications Monday when it added the PKI Forum as its newest member section. Vital for ensuring secure transactions on the Internet, PKI, short for public key infrastructure, is a system of digital certificates, certificate authorities, and other registration authorities that verify and authenticate the validity of each party involved in a Web transaction. They essentially query a user about his or her identity, and serve as gatekeepers that monitor e-commerce exchange. The PKI Forum is the main group responsible for aggregating PKI proprietors, end users and developers, and will continue in that capacity under the aegis of OASIS... OASIS President and CEO Patrick Gannon told internetnews.com aligning PKI alongside other Web services and e-business security standards at OASIS 'makes it easier for every company with a serious stake in the security agenda to be represented and involved in this work'..."
