Microsoft Corp. and VeriSign Inc. today unveiled an XML-based online security standard aimed at allowing easier integration of digital signatures and encryption for e-commerce.
The protocol, called the XML key management specification (XKMS), uses the relative simplicity of XML to implement two key aspects of secure electronic commerce, according to the companies.
The specification will be submitted to Web standards bodies for consideration as an open Internet standard.
"As the use of XML continues to gain momentum, the need for open and interoperable XML-based security and trust services becomes paramount," said Anil Pereira, senior vice president of VeriSign's Enterprise Division, in a statement.
WebMethods Inc., an enterprise application integration firm based in Fairfax, Va., joined security firm VeriSign and software giant Microsoft in designing XKMS.
RSA Security Inc., an encryption firm based in Bedford, Mass., said in a statement today that it is backing the proposed standard and including it in future software releases.
XKMS is designed to simplify application building by moving digital signature handling and encryption out of the applications themselves. Instead, complex functions, such as digital certificate processing and revocation-status checking, can be placed on servers and accessed as needed through programmed XML transactions.
XKMS could boost online security by merging the protections of digital certificates, public key infrastructure (PKI) and the graceful nature of the XML Web language, according to Pete Lindstrom, a security analyst at Hurwitz Group Inc. in Framingham, Mass.
"Using XML for security is a great idea because it basically is security for the masses," Lindstrom said. "It enables folks to bring security mainstream, along with e-commerce functionality that XML is bringing to the online world."
He called the proposed standard "like SSL on steroids," referring to the secure sockets layer encryption technology already built into Web browsers.
Kama Krishna, an analyst at Ryan, Beck & Co. in Livingston, N.J., said the proposed specification validates the use of XML as a de facto standard for a wide range of e-commerce applications.
XKMS is also compatible with the emerging standards for Web Services Description Language (WSDL) and Simple Object Access Protocol (SOAP).
The idea for the new standard was originally raised by VeriSign officials and has been in the works since early this year, according to spokesmen for the companies. It is likely that a review of the proposal could take 12 to 18 months before the standard could be adopted by the World Wide Web Consortium (W3C) standards group.
Because the XKMS specification has been proposed by three of the biggest names in their respective businesses, its eventual adoption is very likely, said Charles Kolodgy, an analyst at IDC in Framingham, Mass.
"When VeriSign, Microsoft and WebMethods speak, people listen," he saiid.