--- begin forwarded text To: dcsb@ai.mit.edu Subject: Newsletter Internetwk: InternetWeek Newsletter - Nov. 25 Date: Tue, 25 Nov 1997 08:01:13 -0500 From: "Eric S. Johansson" <esj@harvee.billerica.ma.us> Sender: bounce-dcsb@ai.mit.edu Precedence: bulk Reply-To: "Eric S. Johansson" <esj@harvee.billerica.ma.us> ------- Forwarded Message That Ain't No Standard Spec It looks like SET may have run out of breath before even leaving the starting gate. Despite a dogged insistence by its sponsors that the 6-month-old Secure Electronic Transactions specification is essential to the growth of Internet commerce, the technology's creators cannot point to one operational deployment. And with good reason, apparently. The two main beneficiaries of the technology--merchants and banks--say the technology is severely flawed. They say compliance with the spec does not guarantee compatibility across vendor implementations. They further charge that SET is too complex to integrate cleanly with legacy transaction systems. In short, they say, the standard is not a standard at all. "It's an enormously complex technology that's flawed from the bottom up," according to Aberdeen Group analyst Chris Stevens. "The only people who are interested in it are the credit card associations, analysts, the press, Hewlett- Packard and IBM." Two of SET's inventors, Hewlett-Packard's VeriFone division and IBM, all but admitted SET's shortcomings earlier this month when they announced a program to ensure that their SET 1.0-enabled products are interoperable. The results will be published in a reference guide for developers. But SET products are supposed to be interoperable by definition, according to the published spec. Other features of the spec are confidentiality of information, integrity of data, card holder account authentication and merchant authentication. The preliminary 0.0 version of the spec has been extended to February of next year so retailers can work with a more tested version through the Christmas season. Version 2.0 is already in the works for release late next year. As a result of the glitches, the sponsors of the initiative, mainly the credit card issuers and E-commerce software vendors, are loosening their definition of a standard. "In the SET 1.0 specification, we tried to be as precise as possible, but any specification is open to interpretation," said Steve Mott, MasterCard's senior vice president for E-commerce. "The marketplace will determine if it's a standard." Mott acknowledged that the root of SET's troubles is its complexity. SET relies on a three-tier architecture-the client wallet, the merchant server and the gateway to processing banks. Not only does each tier have to exchange transaction data, but it must be able to do so with software developed by different vendors. Moreover, as a certificate-based system, SET requires the management of digital certificates for millions of merchants and consumers. All of this has left the banking industry holding the ball. "There are a lot of operational issues left unresolved, like the problem of integrating SET and a new level of certificate information with the banks' legacy systems," said Stephanie Denny, until recently the vice president and director of marketing for Bank of America's credit card unit. By Matthew Friedman http://techweb.cmp.com/internetwk/news/news1124-1.htm ************************* - ------------------------------------------------------- Copyright 1997 CMP Media Inc. a service of InternetWeek. - ------------------------------------------------------- Distributed by Email Publishing Inc. - http://www.emailpub.com ------- End of Forwarded Message For help on using this list (especially unsubscribing), send a message to "dcsb-request@ai.mit.edu" with one line of text: "help". --- end forwarded text ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/ Ask me about FC98 in Anguilla!: <http://www.fc98.ai/>