Microsoft backs XML security spec

[No User]

Microsoft has teamed up with software partners VeriSign and WebMethod to launch a specification aimed at simplifying digital signatures used in ecommerce applications.

To ease the integration of public key infrastructure (PKI) and digital certificates, the three companies have created the XKMS spec (XML Key Management Specification) which they say makes it easier for programmers to create online applications with digital signatures.

Currently, developers are required to buy and integrate specialised toolkits from a PKI software vendor. These toolkits only interoperate with that vendor's PKI offerings. But developers can use XKMS to integrate authentication, digital signatures and encryption services, such as certificate processing and revocation status checking, into applications.

Warwick Ford, chief technology officer at VeriSign, said: "For the next generation of ecommerce applications to truly support high-value transactions, the handling of digital keys for online authentication, digital signatures and data encryption must be simple to integrate, and must interoperate across a broad range of enterprise applications."

The specification works with trust functions residing on servers and accessible through programmed XML transactions. XKMS is also compatible with emerging standards for web services description language (WSDL) and simple object access protocol (Soap).

The specification will be submitted to the appropriate web standards bodies, and Microsoft said XKMS will be integrated into its .Net architecture.

Analysts said that by having a standard such as XKMS it will be possible for companies to accelerate the process of finalising an online contract or completing a transaction by having the capability to accept a legitimate signature electronically.

"At the level of XML, you have to have all of the things associated with security processing," said Frank Prince, an analyst at Forrester Research. "Any key management system should be built at that level." 

H If you would like to comment on this article email us @ newseditor at vnunet.com