Search /
Advanced search  |  Help  |  Site map
Click for Layer 8! No, really, click NOW!
Networking for Small Business
How a cyber cob patrols the underworld of e-commerce
Kill switches coming to iPhone, Android, Windows devices in 2015
Galaxy S5 deep-dive review: Long on hype, short on delivery
Google revenue jumps 19 percent but still disappoints
Windows XP's retirement turns into major security project for Chinese firm
Teen arrested in Heartbleed attack against Canadian tax site
Still deploying 11n Wi-Fi?  You might want to think again
Collaboration 2.0: Old meets new
9 Things You Need to Know Before You Store Data in the Cloud
Can Heartbleed be used in DDoS attacks?
Secure browsers offer alternatives to Chrome, IE and Firefox
Linksys WRT1900AC Wi-Fi router: Faster than anything we've tested
Heartbleed bug is irritating McAfee, Symantec, Kaspersky Lab
10 Hot Hadoop Startups to Watch
Server makers rushing out Heartbleed patches
Fortinet, McAfee, Trend Micro, Bitdefender battle in socially-engineered malware prevention test
Net neutrality ruling complicates US transition to IP networks
Net neutrality ruling complicates US transition to IP networks
6 Social Media Mistakes That Will Kill Your Career
Canonical's new Ubuntu focuses on the long haul
4 Qualities to Look for in a Data Scientist
Big bucks going to universities to solve pressing cybersecurity issues
Mozilla appoints former marketing head to interim CEO
Box patches Heartbleed flaw in its cloud storage systems
Obama administration backs disclosing software vulnerabilities in most cases

Vendors jostling over XML security specs

Today's breaking news
Send to a friendFeedback

It's a bit like the presidential election, but only within the software industry: Two camps are promoting their own security specification for XML as a winner, while the public really just wants one that works when it's put to a real-world test.

On one side, Netegrity last week joined with Sun, WebMethods, VeriSign, Art Technology Group, Commerce One and others to back a specification they call the Security Services Markup Language (S2ML). The specification, which is expected to be unveiled next month, is XML-based technology that's supposed to be used in software applications to capture and share authentication and authorization information. Its envisioned use is in complex supply-chain environments and trading exchanges to simplify user authorization.

However, a second camp led by Securant is pushing a similar specification called AuthXML. Its supporters include Check Point Software Technologies, SilverStream and others. Entrust, iPlanet, Oracle, IBM and others are evaluating the specification, according to Securant.

Like some Florida voters who apparently punched more than one hole in their ballot, a few of the S2ML backers are also AuthXML enthusiasts, including WebMethods and VeriSign.

Companies interested in an XML-based security specification say they hope the two camps somehow manage to combine these nascent efforts into one winning technology that would provide the equivalent of single sign-on for e-commerce purchasing.

"We're a strong proponent of open standards, and we'd like to see a single spec," says Chris Haddad, an engineer at Employease, an Atlanta company that provides a hosted application used by more than 1,000 companies to purchase business services.

"We don't want to see this XML single sign-on go the way of PKI," he adds, referring to the fact that public-key infrastructure vendors failed to achieve interoperability in their digital-signature products after squabbling over technology.

Securant's principle technological evangelist Darren Platt contends that both XML security camps "identified the need at the same time. ... It was a bit of a surprise" to hear about the Netegrity-led effort last week because Securant met last month in San Jose with a dozen software vendors, including Netegrity, to discuss its XML security specification, he said.

Whether the two camps can get together remains up in the air, but like Netegrity with S2ML, Securant plans to make its technology publicly available. "Our goal is a single industry standard," Platt says.

Backers of S2ML say they expect to submit their technology as a proposed standard to the World Wide Web Consortium and the organization called Oasis, which works on XML technical and business issues.


Contact Senior Editor Ellen Messmer

Other recent articles by Messmer

ebXML Web site
Includes information about e-commerce using XML.

Software vendors planning XML-based security spec
Network World Fusion, 11/15/00.

XML working group
The W3C's XML page, chock full of resources about the markup language.

XML news
The latest news from Network World and around the 'Net.

Apply for your free subscription to Network World. Click here. Or get Network World delivered in PDF each week.

Get Copyright Clearance
Request a reprint or permission to use this article.

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.