Welcome Guest. | Log In| Register | Membership Benefits


InformationWeek.com December 4, 2000
Printer ready
Printer ready

XML Specification May Ease PKI Integration

Microsoft, Verisign, and webMethods proposal seeks a better way to secure b-to-b apps

By George V. Hulme

More on PKI implementation:

  • Outsourcing PKI Is An Option To Building One (11/6/00)

  • InternetWeek: Public Key Infrastructures -- Few And Far Between (11/6/00)

  • TechWeb: PKI: DIY Or Outsource? (1/7/00)


    • Send Us Your Feedback
    C ompanies seeking a better way to manage digital signatures and data encryption will have a new option if Microsoft, VeriSign, and webMethods are successful in advancing a new key-management specification.

    The XML Key Management Specification will let software developers integrate digital signatures and data encryption into business-to-business and business-to-consumer applications, the vendors say. "Most of these applications don't have PKI built in, and you have to invest to build PKI smarts into each application," says Gartner analyst John Pescatore.

    With the proposed spec, companies that want to build digital certificates and data encryption into their E-business apps won't have to rely on toolkits from PKI software vendors, which often don't interoperate. Coupled with recently drafted XML digital-signature and encryption standards, the spec will provide a framework for broad interoperability among applications, proponents say.

    It makes sense to use XML to help companies tackle the difficult tasks of digital-signature processing, revocation, status checking, and certification, says Hurwitz Group security senior analyst Pete Lindstrom.

    The specification will be built into the Microsoft .Net architecture. And RSA Security Inc. will build related functionality into its PKI products such as BSAFE Cert-C and Cert-J toolkits and Keon PKI systems, says Scott Schnell, senior VP of marketing and corporate development.

    "This specification is built on open standards and ubiquitous tools," says Warwick Ford, chief technology officer at VeriSign Inc. "It should be fairly straightforward to support it." The propose spec will be submitted to a standards body, possibly the World Wide Web Consortium. A software developers' kit should be available within 90 days, Ford says.

    Still, companies need to look closely before they leap. "We're a long way from having a standard. It could be 18 months before it reaches that stage," Pescatore says. And it's not clear whether VeriSign competitors such as Baltimore Technologies and Entrust Technologies will back the fledgling specification.

    Back to This Week's Issue
    Send Us Your Feedback
    Top of the Page