December 07, 2000, 1:13 PM —
Microsoft Corp. and VeriSign Inc. last week unveiled an XML-based online security
standard aimed at allowing easier integration of digital signatures and encryption for
The protocol, known as the XML Key Management Specification (XKMS), uses the
relative simplicity of XML to implement two key aspects of secure e-commerce, according
to the companies.
The specification will be submitted to Web standards bodies for consideration as an
open Internet standard.
Kama Krishna, an analyst at Ryan, Beck & Co. in Livingston, N.J., said the proposed
specification validates the use of XML as a de facto standard for a wide range of e-
WebMethods Inc., an enterprise application integration firm in Fairfax, Va., joined
security company VeriSign and software giant Microsoft in designing XKMS.
RSA Security Inc., an encryption company in Bedford, Mass., said in a statement that
it's backing the proposed standard and including it in future software releases.
XKMS aims to simplify application building by moving digital-signature handling and
encryption out of the applications themselves.
Instead, complex functions such as digital certificate processing and revocation
status checking can be placed on servers and accessed as needed through programmed XML
XKMS could boost online security by merging the protections of digital certificates,
public-key infrastructure and the graceful nature of the XML Web language, said Pete
Lindstrom, a security analyst at Hurwitz Group Inc. in Framingham, Mass.
"Using XML for security . . . enables folks to bring security mainstream, along with
the e-commerce functionality XML is bringing to the online world," he said.
He called the proposed standard "like SSL on steroids," referring to the Secure
Sockets Layer encryption technology built into Web browsers.
Several online retail companies contacted by Computerworld wouldn't comment on
whether they will consider incorporating XKMS into their Web sites. Spokeswomen at
Sears.com, CDnow Inc. and Landsend.com said their firms wouldn't discuss the
technologies they use.
A review of the proposal could take 12 to 18 months before the standard could be
adopted by the World Wide Web Consortium standards body. But because XKMS has been
proposed by three of the biggest names in their respective businesses, its eventual
adoption is likely, said Charles Kolodgy, an analyst at IDC in Framingham, Mass.