On September 16, 2003 OASIS announced that the XML Common Biometric Format (XCBF) Version 1.1 had been ratified as OASIS Standard. XCBF provides a standard way to describe information that verifies identity based on human characteristics such as DNA, fingerprints, iris scans, and hand geometry. XCBF can be used in applications as varied as homeland security, corporate privacy, law enforcement, and biotechnical research. It will assist in identifying citizenship, measuring attendance, controlling access to documents, facilitating non-repudiation in commerce, and many other functions.

[August 05, 2003]   OASIS XML Common Biometric Format Specification (XCBF) Submitted for Approval.    The Chair of the OASIS XML Common Biometric Format Technical Committee (XCBF TC) has communicated a request that the TC's Committee Specification version 1.1 be considered for approval as an OASIS Standard. The XML Common Biometric Format specification deals with biometrics in the sense of "automated methods of recognizing a person based on physiological (retina, hand geometry, DNA) or behavioral characteristics; they are used to recognize the identity of an individual, or to verify a claimed identity." The OASIS Committee Specification defines "a common set of secure XML encodings for the patron formats specified in CBEFF, the Common Biometric Exchange File Format (NISTIR 6529). These XML encodings are based on the ASN.1 schema defined in ANSI X9.84 Biometric Information Management and Security. For security purposes, they make use of the Canonical XML Encoding Rules (CXER) for ASN.1 defined in ITU-T Rec. X.693, and rely on the security and processing requirements specified in the X9.96 XML Cryptographic Message Syntax (XCMS) and X9.73 Cryptographic Message Syntax (CMS) standards." Section 7 provides the XCBF Schema in the form of ASN.1 modules (X9-84-Biometrics Module, X9-84-CMS Module, X9-84-Identifiers Module). Examples for readers and implementors are supplied in Section 8 with the goal of promoting secure, interoperable biometric applications and systems. Voting by the OASIS membership will take place during the latter half of August 2003.

[March 08, 2002] On February 11, 2002 OASIS acknowledged receipt of a proposal for a new technical committee to define a common set of XML 1.0 encodings for the patron formats defined in CBEFF, the Common Biometric Exchange File Format (NISTIR 6529). In this setting, biometrics "are used to prove or help prove identity based on human characteristics such as DNA, fingerprints, iris scans, hand geometry, etc." The encodings created by the technical committee on XML Common Biometric Format (XCBF) "will be specified in accordance with the ASN.1 schema definitions published in ANS X9.84:2000 Biometrics Information Management and Security for The Financial Services Industry. Projected deliverables from the TC include (1) a document defining the ASN.1/XML CBEFF schema, an introduction and overview of canonical DER, PER, and XER, and the processing and security requirements needed for the creation and verification of all cryptographic types defined in X9.84, in the form of XML encoded objects; (2) a working module including ASN.1 XML Markup Value Notation examples of X9.84 biometric types defined in the CBEFF standard, along with the underlying ASN.1 schema; (3) a published example DER, PER and XER encodings of values of X9.84 biometric types and equivalent BIR encodings; (4) documentation of new CBEFF patron formats that may become standard during the period of this work, in particular an anticipated smart card patron format."

XCBF will describe information that verifies identity based on human characteristics such as DNA, fingerprints, iris scans, and hand geometry. XCBF will be used in biometric applications that measure attendance, grant access control to documents or other resources, and facilitate non-repudiation in commerce, particularly over open networks. "Biometrics, in essence 'what you are,' are destined to replace 'what you know' items, such as PIN numbers, and to augment 'what you have' forms of identification, such as cards," explained Phillip H. Griffin of Griffin Consulting, chair of the OASIS XCBF Technical Committee. "Existing biometric standards use binary encoding formats, which severely limit their use in XML systems and applications. XCBF will provide a standard way for biometric functions to be done using XML." The charter of the OASIS XCBF Technical Committee is to define a set of XML encodings for the Common Biometric Exchange File Format (CBEFF), which describes data elements necessary to support biometric technologies in a standard way. Universal type definitions will allow biometric data to be validated and exchanged without ambiguity. The exact values specified in CBEFF binary encodings will be used in XCBF XML representations. CBEFF is a draft of the American National Standards Institute (ANSI), managed and maintained currently by the National Institute of Standards Technology (NIST). "The message syntax for transferring information across the Internet seems to be focused on XML-based dialects, and biometric information is no different in this respect. What's critically important is that XCBF meets the American National Standard X9.84 security requirements regarding the authenticity and integrity of biometric data. By basing this XML work on the schema and security mechanisms defined in X9.84, it should be possible for XCBF to meet these requirements," said Jeff Stapleton of KPMG LLP, chair of the X9F4 working group of the X9 Accredited Standards Committee (ASC) of ANSI... [from the 2002-03-07 press release]

TC description and rationale [from the 2002-02-11 proposal]:

Neither of the existing biometric standards, CBEFF and X9.84, provide an XML schema for securing, displaying, logging or performing database queries using biometric information. All of the security mechanisms provided in these standards are based strictly on binary, not XML, representations of information. There needs to be a standard way for such tasks to be done using XML; this is the reason for forming the XCBF TC. Provision of a standard XML schema for biometrics will also serve to promote interoperability and data exchange among the different patron formats defined in CBEFF.

The Common Biometric Exchange File Format defines a common set of data elements necessary to support multiple biometric technologies and to promote interoperability of biometric-based application programs and systems by allowing for biometric data exchange. CBEFF describes a set of "required" and "optional" data fields, a "domain of use", and "CBEFF Patron" formats that utilize some combination of these standard elements.

Patron formats specify encoding of the data elements and any additional (non-common) data elements. The two defined CBEFF Patron formats are the BioAPI Biometric Identification Record (BIR) format specified in the BioAPI Consortium BioAPI Specification Version 1.0 and the X9.84:2000 BiometricSyntax type. But all of the encoding formats defined in CBEFF and X9.84 are binary encodings, making their use in XML systems and applications limited or difficult.

A common XML schema that can carry the values in all of the CBEFF standard elements will promote the ability to exchange biometric information, between users of binary patron formats, and with XML-aware applications and systems. As new patron formats are added to CBEFF in future revisions, a common XML schema based on the X9.84 definitions should make it possible to exchange data with applications implemented using earlier versions of CBEFF.

Common, underlying type definitions will allow information to be validated and exchanged without ambiguity. The exact same values specified in binary encodings will be used in XML representations of these values. This feature of the work will serve to promote interoperable solutions.

The canonical variant of the XML Encoding Rules (CXER) will produce inputs suitable for cryptographic enhancement of the XML representations of X9.84 biometric objects, but which in that standard are expected to be processed solely in binary. All processing and security requirements used by this TC will be harmonized with standardization of the XML formats of CMS messages undertaken by ANSI X9F working groups.

CBEFF Overview: "The Common Biometric Exchange File Format (CBEFF) describes a set of data elements necessary to support biometric technologies in a common way. These data can be placed in a single file used to exchange biometric information between different system components or between systems. The result promotes interoperability of biometric-based application programs and systems developed by different vendors by allowing biometric data interchange. CBEFF's initial conceptual definition was achieved through a series of three Workshops co-sponsored by the National Institute of Standards and Technology and the Biometric Consortium. A Technical Development Team, formed as a result of these Workshops, developed CBEFF, as described in this publication, in coordination with industrial organizations (i.e., the BioAPI Consortium, the X9.F4 Working Group, the International Biometric Industry Association, and the Interfaces Group of TeleTrusT) and end users. CBEFF provides forward compatibility accommodating for technology improvements and allows for new formats to be created. CBEFF implementations simplify integration of software and hardware provided by different vendors. Further development (e.g., a CBEFF smart card format) is proposed under the umbrella of the recently formed Biometrics Interoperability, Performance, and Assurance Working Group co-sponsored by NIST and the Biometric Consortium." [abstract from NISTIR 6529]

Background to the CBEFF specification: "On February 21st 1999, the Information Technology Laboratory of the National Institute of Standards and Technology (NIST) and the Biometric Consortium sponsored a Workshop to discuss the potential for reaching industry consensus in a common fingerprint template format. The participants identified the need for a 'technology-blind' biometric file format that would facilitate the handling of different biometric types, versions, and biometric data structures in a common way. This common file format would facilitate exchange and interoperability of biometric data. A 'technology-blind' biometric file format would include all modalities of biometrics and would not bias, encourage, or discourage any particular vendor or biometric technology from another. It would not attempt to translate among different biometric technologies, but would identify them and facilitate their co-existence. The participants suggested that for the time being, the content of the biometric data structures (e.g., raw or processed biometric data) would not be defined in the common file format. The CBEFF's initial conceptual definition was achieved through a series of three Workshops cosponsored by the National Institute of Standards and Technology and the Biometric Consortium on May 10, September 17, and December 1, 1999. A Technical Development Team, formed as a result of these Workshops, developed CBEFF as described in this publication. To ensure that the biometric data format would be in agreement with other biometric industrial efforts, the development was coordinated with industrial organizations such as the BioAPI Consortium, the X9.F4 Working Group, the International Biometric Industry Association, and the Interfaces Group of TeleTrusT. The development included efforts focused on harmonizing the data formats among CBEFF, draft ANSI standard X9.84 and the specification developed by the BioAPI Consortium. Participation of the International Biometric Industry Association (IBIA) as the registration authority for the biometric data format was also addressed..." [from the Foreword to NISTIR 6529]

Principal TC References

• OASIS TC for XML Common Biometric Format (XCBF)
• XCBF TC Charter
• OASIS XCBF TC Current Members
• XCBF Document Archive
• XCBF TC Past Announcements
• Announcement 2002-03-7: "OASIS Members Form Technical Committee to Define XML Standard for Biometrics."
• Announcement 2002-02-11: "OASIS Technical Committee for XML Common Biometric Format (XCBF)"
• Main mailing list: xcbf@lists.oasis-open.org and archives
• Mailing list for (non-TC-member) comments: xcbf-comment@lists.oasis-open.org and and archives. See the mailing list subscription manager.
• Contact: Phillip H. Griffin (TC Chair, Griffin Consulting)

TC Deliverables

• XML Common Biometric Format. XCBF Version 1.1. Edited by John Larmouth (Individual Member). Approved as an OASIS Standard, August 2003. 74 pages. Contributors: Tyky Aichelen (Technical Committee Chair, IBM), Ed Day (Objective Systems), Dr. Paul Gérôme (Individual Member), Phillip H. Griffin (Individual Member), John Larmouth (Individual Member), Monica Martin (Sun Microsystems), Bancroft Scott (OSS Nokalva), Paul Thorpe (OSS Nokalva), Alessandro Triglia (OSS Nokalva), Rick Randall (Booz Allen Hamilton), John Messing (American Bar Association), Clifford Thompson (Individual Member), John Aerts (LA County Information Systems Advisory Body), Michael Nguyen (The Infocomm Development Authority of Singapore). See the announcement for specification ratification. [source .DOC, cache]

• XML Common Biometric Format. CS Version 1.1. June 2003. See the news story. [source .DOC]

• [February 06, 2003]   OASIS XML Common Biometric Format Moves Toward Standardization.    A posting from Phillip H. Griffin (OASIS XCBF TC Chair) announces that the XML Common Biometric Format specification from the XML Common Biometric Format Technical Committee has been approved as an OASIS Committee Specification. The TC has also voted to begin the CS public comment period required for to move the specification forward toward approval as an OASIS Standard. The public review period extends from January 28, 2003 through February 28, 2003. The TC has invited comment from its external liaison affiliates and other expert bodies, including X9F, ISO TC68/SC2, INCITS T4, INCITS M1, ASN.1 Consortium, ASN.1 ITU-T list, and the Biometric Consortium. "Biometrics are automated methods of recognizing a person based on physiological or behavioral characteristics. They are used to recognize the identity of an individual, or to verify a claimed identity. The XCBF specification defines cryptographic messages represented in XML markup for the secure collection, distribution, and processing, of biometric information. These messages provide the means of achieving data integrity, authentication of origin, and privacy of biometric data in XML based systems and applications. Mechanisms and techniques are described for the secure transmission, storage, and integrity and privacy protection of biometric data."

• [December 11, 2002] Web Services Security XCBF Token Profile." Edited by Phillip H. Griffin (Griffin Consulting) and Monica J. Martin (Drake Certivo). Working Draft 1.0. Monday, 25-November-2002. ['A working draft submitted for consideration by the OASIS Web Services Security (WSS) Technical Committee.'] "This document describes the use of XML Common Biometric Format (XCBF) cryptographic messages within the WS-Security (WSS) specification. Biometric technology can be used for identification and authentication. Biometrics are the measurable physical characteristics or personal behavioral traits that can be used to recognize the identity of an individual, or to verify a claimed identity. XCBF defines a common XML markup representation of the patron formats specified in NIST Common Biometric Exchange File Format. XCBF messages are validated against an ASN.1 schema. This schema definition language is used to define X.509 certificates and CRLs, and the cryptographic messages used to secure electronic mail in RFC3369 and X9.96 XML Cryptographic Message Syntax. In an instance of communication, XCBF messages may be represented in a compact binary format or as well-formed XML markup. A common XCBF security token is defined to convey and manage biometric information used for authentication and identification. Each binary representation of an XCBF message has an XML markup representation. Both representations share the same schema. This characteristic allows XML markup to be used in resource rich environments, but transferred or stored in a compressed binary format in resource poor environments, e.g. smart cards, wireless and remote devices, and high volume transaction systems. XCBF messages may include digitally signed or encrypted information. The binary format used to represent XCBF messages relies on the canonical Distinguished Encoding Rules (DER) used to encode X.509 certificates. The XML markup format used in this Standard is the canonical variant of the XML Encoding Rules (XER)..."

• [November 25, 2002] "XML Common Biometric Format (XCBF)." OASIS TC Working Draft, Version 01. Sunday, 17-November-2002. 81 pages. Edited by Phillip H. Griffin (Griffin Consulting). Produced by members of the OASIS XML Common Biometric Format (XCBF) TC. Contributors: Tyky Aichelen (IBM), Ed Day (Objective Systems), Dr. Paul Gérôme (AULM), Phillip H. Griffin (Chair, Griffin Consulting), John Larmouth (Larmouth T&PDS Ltd), Monica Martin (Drake Certivo), Bancroft Scott( OSS Nokalva), Paul Thorpe (OSS Nokalva), and Alessandro Triglia( OSS Nokalva). "Biometrics are measurable physical characteristics or personal behavioral traits that can be used to recognize the identity of an individual, or to verify a claimed identity. This specification defines a common set of secure XML encodings for the patron formats specified in CBEFF, the Common Biometric Exchange File Format (NISTIR 6529). These CBEFF formats currently include the binary biometric objects and information records in two ANSI standards. These XML encodings are based on the ASN.1 schema defined in ANS X9.84:2002 Biometrics Information Management and Security. They conform to the canonical variant of the XML Encoding Rules (XER) for ASN.1 defined in ITU-T Rec. X.693, and rely on the same security and processing requirements specified in X9.96 XML Cryptographic Message Syntax (XCMS). Values of the Biometric Information Record (BIR) defined in ANSI/INCITS 358-2002 - Information technology - BioAPI Specification can be represented in the X9.84 biometric object format can also be represented using XML markup and secured using the techniques in this standard. This standard defines cryptographic messages represented in XML markup for the secure collection, distribution, and processing, of biometric information. These messages provide the means of achieving data integrity, authentication of the origin, and privacy of biometric data in XML based systems and applications. Mechanisms and techniques are described for the secure transmission, storage, for integrity and privacy protection of biometric data." Sources: ZIP archives for the v01 spec and schemas.

Related Resources

• "XML and Security": General references.
• CBEFF web site
• CBEFF: Common Biometric Exchange File Format. NISTIR 6529. January 3, 2001. By Fernando L. Podio, Jeffrey S. Dunn, Lawrence Reinert, Catherine J. Tilton, Lawrence O'Gorman, M. Paul Collier, Mark Jerde, and Brigitte Wirtz. 37 pages. [cache]
• See also: "ASN.1 Markup Language (AML)."

Articles, Papers, News

• [September 16, 2003] "XML Common Biometric Format (XCBF) Ratified as OASIS Standard." - "The OASIS standards consortium today announced that its members have approved the XML Common Biometric Format (XCBF) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. XCBF provides a standard way to describe information that verifies identity based on human characteristics such as DNA, fingerprints, iris scans, and hand geometry. XCBF can be used in applications as varied as homeland security, corporate privacy, law enforcement, and biotechnical research. It will assist in identifying citizenship, measuring attendance, controlling access to documents, facilitating non-repudiation in commerce, and many other functions. Tyky Aichelen of IBM, chair of the OASIS XCBF Technical Committee, stated, "XCBF bridges the gap between the worlds of biometrics and Web services, making it possible to have a common, standardized, secure way to define, store, manage, and exchange biometric information with greater interoperability between systems." "Traditional biometric standards are based on binary encoding formats, which severely limit their use in XML-enabled systems and applications," explained John Messing, American Bar Association representative to OASIS. "By providing a standard way for biometric information to be exchanged using XML, XCBF literally redefines biometrics as a practical solution for a Web-based environment." Members of the OASIS XCBF Technical Committee include Booz Allen Hamilton, IBM, MTG Management Consultants, and others..."

• [May 16, 2002] "Biometric based Digital Signature Scheme." By Rohas Nagpal and Shuchi Nagpal (Asian School of Cyber Laws, India). IETF Internet-Draft. Intended Category: Informational. Reference: 'draft-nagpal-biometric-digital-signature-00.txt'. May 2002; expires: October 2002. "Digital Signatures are fast emerging as a viable information security solution, satiating the objectives of data integrity, entity authentication, privacy, non-repudiation and certification. The technique, as it stands today, faces the problem of the maintenance of the secrecy of the private key. This document provides a conceptual framework for the establishment of a biometric-based key generation scheme. In this scheme, the private key is generated each time a document or record requires to be signed. Such generation is based upon a combination of biometric traits... Biometrics is the use of some physiological or behavioural characteristics for authentication and identification. This technique of authentication is based upon the fact that certain characteristics are never the same in any two people. Biometric recognition systems operate in two modes: one is the identification where the system identifies a person by searching a large database for a match and the other the authentication mode where the systems verifies a person's claimed identity by checking against a previously entered pattern. The techniques included in this method of identification are retina scanning, iris scanning, fingerprint verification, voice verification, facial analysis etc. Biometric based authentication schemes are utilized in sectors like Public services, Law Enforcement and Banking... The authors propose a biometric-based key generation scheme, [in] which a private key of the person would be generated every time that the person wishes to sign (or for that matter decrypt) a record. His public key, on the other hand will always be taken from the records of the bank (or other Government appointed agency) where the key pair was first generated. An elaborate key revocation protocol would have to be worked out based upon current practices with relevant modifications. The private key should be allowed to sign as long as the iris, retina and fingerprint of the person are in adequate physical proximity to the system. Once that proximity is lost, the private key should be permanently erased by the system. This method of key generation would ensure the trust of the public in cryptography and digital signatures to a much larger extent. It would be possible to utilize this method in many applications requiring authentication or identification..."

• [April 15, 2002] "XML Biometric Standards Jell." By John Zyskowski. In Federal Computer Week (April 15, 2002). "As interest grows in using biometric technology, such as fingerprint and facial scanners, to improve security and assist law enforcement, a new standards-making committee has begun a project that could make it much easier and cheaper for agencies to share biometric data about friends and potential foes. The XML Common Biometric Format Technical Committee, launched last month, will take several existing biometric standards and develop versions of them that are based on Extensible Markup Language. 'The goal is to bring industry to some framework for expressing biometric information so that they could eventually -- eliminate all the proprietary formats that prohibit different biometric solutions from being able to be used together,' said Phillip Griffin, principal of Griffin Consulting and chairman of the committee... Although the biometric market has been given a great deal of attention lately because of concerns about homeland security, it is still relatively young and -- as most new industries are -- stymied by products that typically don't interoperate or use a standard way to format data, such as scans of faces, irises, voices and fingerprints. For example, unless all law enforcement agencies use the same fingerprint system from the same vendor, it will be difficult and expensive for agencies to query one another's systems for matches or create a database of biometric data that they could all access and share. The XML Common Biometric Format (XCBF) is the latest in a series of efforts to address this situation, but it is the first to focus on XML as part of the solution. Of the other ongoing biometric standards efforts, two are recognized by the Common Biometric Exchange File Format (CBEFF), a framework for biometric standards spearheaded by the National Institute of Standards and Technology and the National Security Agency. The two efforts, called 'patron formats' of CBEFF, are the Biometrics Application Programming Interface (BioAPI), which makes it easier for applications to work together; and the ANSI X9.84 Biometric Object, which helps secure the authenticity and integrity of biometric data using digital signatures..."

• [April 06, 2002] "Pace Picks Up for Biometrics Standards Development. NIST, INCITS, ASC X9, OASIS Work in Tandem to Standardize Biometric Systems." Based upon an interview with Phil Griffin. In ANSI Online (April 03, 2002). "Validating the identity of an individual based simply on their driver's license photograph, password or handwritten signature will no longer be considered the securest method. With the advent of several new standards initiatives on Biometrics, authentication will be achieved through physiological or behavioral characteristics. Accelerated standards development in this critical area is being achieved through the collaborative efforts of formal standards groups, the federal government and consortia. The U.S. government is by far the biggest user of biometric authentication systems. The U.S. Department of Defense, the National Security Agency, the Departments of State, Justice and Transportation (namely the Federal Aviation Administration) and the Federal Bureau of Investigation rely on biometric technologies for data protection, secure access and sign-on applications and more. Essentially, biometrics are automated methods of identifying a person or verifying the identity of a person based on a physiological or behavioral characteristic. Physiological characteristics include hand or finger images, facial characteristics, speaker verification and iris recognition. Behavioral characteristics are traits that are learned or acquired including dynamic signature verification and keystroke dynamics. Simply stated, unlike conventional identification methods such as a driver's license or 'PIN' number that validate identity based on 'what you have or know,' biometrics validate identity based on 'who you are.' It's far easier to falsify an ID card or forge a handwritten signature than it is to alter a voice pattern or change the configuration of an iris... Signed into law by President Bush on October 26, 2001, the Patriot Act (Public Law 107-56) requires the development of technology standards to confirm identity. Leading biometric standardization at the federal level is the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce and an ANSI member. NIST spearheaded the development of the Common Biometric Exchange File Format (CBEFF), which defines a common set of data elements necessary to support multiple biometric technologies. CBEFF also promotes interoperability of biometric-based application programs and systems by allowing for biometric data exchange... Many in the biometrics industry believe that the financial community has the most to gain from biometric standardization. The newly approved Accredited Standards Committee (ASC) X9 document, X9.84 Biometric Information Management and Security, is geared to integrate biometric information, such as fingerprint, iris scan and voiceprint, for use in the financial services industry. ASC X9, the national standards-setting body for the financial services industry and an ANSI-accredited standards developer, is supported by the American Banker's Association which serves as the group's secretariat. The X9.84 standard defines requirements for managing and securing biometric information such as customer identification and employee verification and was developed in cooperation with two of the industry groups already mentioned in this article, including NIST and BioAPI Consortium, as well as others. According to NIST's Fernando Podio who is also co-chair of the Biometric Consortium and the CBEFF development group, 'The approval of the ANS X9.84 standard is an important step for the biometrics industry. It will be extremely important in accelerating the utilization of highly secure biometric-based financial applications.' One of the latest groups to join the biometrics arena is the Organization for the Advancement of Structured Information Standards (OASIS), who has recently formed a Technical Committee (TC) to create an XML [2] Common Biometric Format (XCBF)..."

• [March 7, 2002] "Who Are You? Who..Who? Who...Who?." By Clint Boulton. In InternetNews.com (March 7, 2002). "At a time when proving you are who you say you are has perhaps reached its zenith in importance, XML interoperability group OASIS Thursday said it has put together a new technical committee to focus on biometrics. Boston's OASIS created the XML Common Biometric Format (XCBF) Technical Committee to provide a standard XML schema for biometrics, which is a way to describe information that verifies identity based on human characteristics such as DNA, fingerprints, iris scans, and hand geometry. XCBF will be used in biometric applications that measure attendance, grant access control to documents or other resources, and facilitate non-repudiation in commerce....As for the infant group XCBF, it's goal is to define a set of XML encodings for the Common Biometric Exchange File Format (CBEFF), which describes data necessary to support biometrics in a standard way. Universal Definitions will allow biometric data to be validated and exchanged without ambiguity. CBEFF is a draft of the American National Standards Institute (ANSI), maintained by the National Institute of Standards Technology (NIST). "What's critically important is that XCBF meets the American National Standard X9.84 security requirements regarding the authenticity and integrity of biometric data," said Jeff Stapleton of KPMG LLP, chair of the X9F4 working group of the X9 Accredited Standards Committee (ASC) of ANSI. By basing this XML work on the schema and security mechanisms defined in X9.84, it should be possible for XCBF to meet these requirements'..."

• "XML Set to Boost Biometrics." By Margaret Kane. In CNET News.com (March 07, 2002). "A standards group is hoping that a key Web language will provide a standard way for computers and technology to describe human characteristics. The Organization for the Advancement of Structured Information Standards, or OASIS, said Thursday that it has formed a technical committee to develop an XML standard for biometrics... The proposed XCBF standard will define information such as DNA, fingerprints, iris scans and hand geometry for use in identification and authentication. Its basis in XML will help facilitate the transfer of biometric information across the Internet, the organization said..."

• "XML-Based Biometric Standard in Works." By Dennis Fisher. In eWEEK (March 07, 2002).

• [March 08, 2002] "XML for biometrics... Should Transmeta transmutate?" By Sylvia Carr (Senior Editor). In ZDNet AnchorDesk (Friday, March 8, 2002). "Biometrics is being pushed forward as a key security tool to keep us safer from terrorists. Now a standards body wants to make biometrics Web-friendly via an XML standard... Yes, it sounds ultra-geeky. But following Sept. 11 [September 11, 2001], biometric security solutions top the To-Do lists of many lawmakers and security experts. But how biometrics plays on the Web is critical. Thus this effort is now afoot: the development of an XML standard for the science that purports to use you as your password. This standard would become the proscribed method for computers to describe human characteristics. To be developed by the Organization for the Advancement of Structured Information Standards, these XML specs will define information such as DNA, fingerprints, iris scans, and hand geometry for use in identification and authentication. The XML component will facilitate the transfer of these digital slices of you and me across the Internet..."

• BioAPI Specification Version 1.00. March 30, 2000. Developed by the BioAPI Consortium. 114 pages. Purpose and scope: "The BioAPI is intended to provide a high-level generic biometric authentication model; one suited for any form of biometric technology. It covers the basic functions of Enrollment, Verification, and Identification, and includes a database interface to allow a biometric service provider (BSP) to manage the Identification population for optimum performance. It also provides primitives which allow the application to manage the capture of samples on a client, and the Enrollment, Verification, and Identification on a server. This specification defines the Application Programming Interface and Service Provider Interface for a standard biometric technology interface. It is beyond the scope of this specification to define security requirements for biometric applications and service providers, although some related information is included by way of explanation of how the API is intended to support good security practices..." See also the BioAPI specification Version 1.1, March 16, 2001 (cache v1.1). [cache 1.0]