Digital Identities Kept Safe With Security Tools

Protecting and managing identity has been a hot topic for several months, and its importance doesn't appear to be waning.

At the annual RSA Conference in San Jose, Calif., last week, several security vendors provided new tools that companies can use to manage their online business partners' and customers' identities. The vendors weren't the only ones grappling with identity and security: The 10,000-plus attendees had to pass through a wall of ID checks and bomb-sniffing dogs just to get in.

VeriSign Inc. unveiled agreements to add its ID authentication and security services to Web-services platforms from BEA Systems, Hewlett-Packard, IBM, Microsoft, Oracle, Sun Microsystems, and webMethods. The services include VeriSign's Digital Trust Services, a toolkit that developers can use to share identity-management functions across multiple vendors' systems. The kit leverages XML Key Management Standard and Security Assertions Markup Language. It's free to developers and can be downloaded from XMLtrustcenter.org.

If Web services are to succeed, the transfer of digital identities and authorization is critical, analysts say. "As Web services mature, ways to secure XML transactions will have to mature," says Pete Lindstrom, director of security strategies at Hurwitz Group.

VeriSign hopes its Digital Trust Services framework will become as ubiquitous to XML transactions as Secure Sockets Layer and digital certificates when securing browser-based transactions. VeriSign is primed to deliver on that goal because of its dominant market position in Web authorization and Internet domain-name registration.

Digital signatures, which are aimed at proving people are who they claim to be, were also a highlight of the show. RSA Security Inc.'s Keon e-Sign binds a digital signature to a Web document; if the document is tampered with, the digital signature becomes invalid.

RSA Security says the software helps companies comply with electronic signing legislation such as e-Sign, the EU Directive on Electronic Signatures, and the Health Insurance Portability and Accountability Act.

For digital signatures to be binding, they must address the same issues as physical signatures: authentication, acceptance of terms within the signed document, proof of the document's integrity after signing, and nonrepudiation.

Keon e-Sign will be available in 30 days; pricing is not yet available.