AuthXML Working Group Submits AuthXML Specification to OASIS XML Security Services Technical Committee

Business Wire, Feb 12, 2001

Business Editors

SAN FRANCISCO--(BUSINESS WIRE)--Feb. 12, 2001

Major Initiative Aims To Merge Related XML Security Standards

Within OASIS

The AuthXML Working Group today announced that it has submitted the AuthXML specification to the OASIS XML Security Services Technical Committee to advance the creation of a unified security interoperability standard based on XML. AuthXML will be considered along with other initiatives, including S2ML, to establish a standardized XML framework for exchanging authentication and authorization information across disparate Web technologies, applications and platforms.

"A standardized approach for communicating Web session security data across multi-vendor systems is required to enable seamless e-commerce transactions," said Tony Bailey, Director of industry analyst firm Enterprise Management Associates (www.enterprisemanagement.com). "By submitting an advanced stage and well defined specification like AuthXML to the OASIS XML Security Services Technical Committee, the AuthXML Working Group is making a significant development contribution toward the creation of an industry standard solution to the multi-site Web security problem."

AuthXML addresses critical security interoperability issues that are limiting the ability of the Internet to support secure electronic transactions that span multiple Web sites and organizations. With each organization conducting business on the Web using separate systems for performing user authentication and authorization, exchanging security data between trading partners, affiliated organizations, and between businesses and consumers, is impossible. AuthXML defines a standard method for presenting and maintaining security details as a user or session traverses linked Web sites that are based on proprietary technologies.

"OASIS is pleased to see the submission of AuthXML to the OASIS XML Security Services Technical Committee and the active participation of its developers in the committee work," said Karl Best, director of technical operations for OASIS. "Developing this work under the auspices of OASIS brings diverse organizations together to pursue a common goal."

The AuthXML Working Group is comprised of over 45 active contributors, and its AuthXML specification has been reviewed by more than 225 organizations. Through a broad collaborative effort, the AuthXML specification has evolved rapidly. This advanced level of development will allow AuthXML to make a significant contribution and become even more refined within the auspices of the OASIS XML Security Services Technical Committee.

"The goal all along with AuthXML has been an open standard for multi-vendor interoperability," said Eric Olden, Chief Technology Officer of Securant Technologies and a co-author of the original AuthXML specification. "By bringing AuthXML into OASIS, the AuthXML Working Group hopes to achieve a unified standard that moves the market forward and enables seamless single sign-on and secure distributed transactions across multiple Web sites."

The XML Security Services Technical Committee plans to publish draft specifications by June 2001, and to submit a formal specification to the OASIS membership by September 2001.

About the AuthXML Working Group

AuthXML is a vendor-neutral specification that enables the integration of proprietary Web security, network security, B2B infrastructures and applications with individual Internet-based user sessions and transactions. The specification derives its name from the fact that it uses XML and links the two primary components of Web transaction security: Authentication and Authorization. AuthXML is designed to enable the seamless flow of Web-based transactions between trading partner sites that may be using different security systems, and within a given site that may be deploying multiple applications that require integrated security. The goal of the AuthXML Working Group is to achieve a universally accepted standard that uses XML technology to enable authentication and authorization functions to be performed across and interoperate with multi-vendor Web security systems, packaged and custom Web applications, and network level security systems.