A New Safety Net
Top Internet vendors agree to online security protocol
By Clinton Wilder
Addressing what has become the single largest barrier to routine commercial traffic on the Internet, a group of the most significant Internet vendors has agreed to create a single Internet secure transaction protocol.
IBM, Netscape Communications Corp., and the top three online services companies announced on April 10 that they will support a plan to unite the Internet's two different secure transaction protocols, Secure Hypertext Transfer Protocol (S-HTTP) and Netscape's Secure Sockets Layer (SSL). The vendors have agreed to work with--and make equity investments in--a Menlo Park, Calif., Internet developer called Terisa Systems.
Security in numbers:
Some of the nation's top Internet vendors announce intentions to adopt a common security protocol. Pictured from left are David Kaiser, AOL; Sandy Trevor, CompuServe; Jay Tenenbaum, EIT; John Patrick, IBM; Marc Andreessen, Netscape; Bill Day, Prodigy; Jim Bidzos, RSA; Allan Schiffman, Terisa Systems; and standing, Patrick McGill, also of Terisa.
The disagreements between the vendors supporting S-HTTP and SSL had threatened to force businesses wanting to do sales online to deal with customers differently, based on which Internet browser was used. Some browsers can handle online credit-card transactions, for example, while others can't, depending on which security standard the browser uses.
"As a content provider, we want everyone to have the same experience when they visit our Web site," says Jordan Gold, publisher of online services for the Macmillan Digital unit of Macmillan Publishing USA in Indianapolis. "We don't want to ask them what browser they have and treat them differently."
'Timely Plan'
By June, Terisa will add SSL to its S-HTTP-based SecureWeb Toolkit for World Wide Web software developers, according to the announcements from IBM, America Online, Prodigy Services, and CompuServe. "Their plan is timely," says Emily Green, a senior analyst with Forrester Research Inc. in Cambridge, Mass. "The lack of security standards is the major obstacle to consumer and merchant confidence in commerce on the Internet. There is an incredible appetite for tools to solve the problem."
Terisa was formed last year to develop secure Internet transaction technology. It is a joint venture between encryption specialist RSA Data Security Inc. and Enterprise Integration Technologies Corp. (EIT), a technology infrastructure provider for the CommerceNet online business consortium. AOL, CompuServe, Netscape, and Prodigy now join EIT and RSA as equity owners of Terisa, but no specific financial terms were disclosed.
After Terisa delivers the new SecureWeb toolkit, the vendor will then work with the relevant Internet standards committees to get the new hybrid standard approved. The vendors say they expect software for secure Net transactions based on this proposed standard to be available by year's end.
Safety Code
The unification effort paves the way toward universal, secure Internet commerce by offering a new standard that's essentially a hybrid of S-HTTP and SSL, compatible with both, say the participating vendors. The dual-standard "was shaping up to be a nasty battle, and, at AOL, we saw it as a hindrance to market development," says David Kaiser, VP of projects at AOL's WebSoft subsidiary. "This approach really finesses the problem." Adds John Patrick, VP of Internet applications at IBM: "We were planning to incorporate both standards. This just makes it easier."
This effort is the first major multivendor step toward standardization and making the untamed Net a safe place for consumer and corporate customers to exchange money. But some in the industry suggest that the Terisa contingent could actually set back the prospect for reliable secure Internet transactions.
Those concerns revolve around Web browser powerhouse Netscape, the year-old Mountain View, Calif., company led by former Silicon Graphics chairman Jim Clark and original Mosaic developer Marc Andreessen. Netscape developed SSL while Terisa maintains S-HTTP, so both companies are positioning the Terisa effort as the end of bad blood in the Internet secure transactions standards wars. But Netscape's competitors stress that Netscape still controls the SSL standard and could potentially add proprietary upgrades and enhancements, even if the current version is an "open" standard in the public domain.
Different Approaches
In addition, other competitors are pushing different approaches. Spyglass Inc. in Naperville, Ill., is one of four members of the Electronic Business Co-Op, a consortium that announced April 10 plans to support secure Internet credit-card transaction technology without using S-HTTP or SSL.
Hope for a resolution of the security standards situation appears to lie with two standards committees, the World Wide Web Consortium (known as W3) and the Internet Engineering Task Force. Neither body has officially endorsed a transactions security standard yet, and Terisa says it will submit its new SecureWeb Toolkit to both for review. Internet vendors say they'll heed the endorsements of the standards committees, but such groups are not known for speedy decisions.
Photo: Linda Sue Scott











