Vendors propose XML security method –

Microsoft Corp. and VeriSign Inc. last week unveiled an XML-based online security standard aimed at allowing easier integration of digital signatures and encryption for e-commerce.

The protocol, known as the XML Key Management Specification (XKMS), uses the relative simplicity of XML to implement two key aspects of secure e-commerce, according to the companies.

The specification will be submitted to Web standards bodies for consideration as an open Internet standard.

Kama Krishna, an analyst at Ryan, Beck & Co. in Livingston, N.J., said the proposed specification validates the use of XML as a de facto standard for a wide range of e- commerce applications.

WebMethods Inc., an enterprise application integration firm in Fairfax, Va., joined security company VeriSign and software giant Microsoft in designing XKMS.

RSA Security Inc., an encryption company in Bedford, Mass., said in a statement that it's backing the proposed standard and including it in future software releases.

XKMS aims to simplify application building by moving digital-signature handling and encryption out of the applications themselves.

Instead, complex functions such as digital certificate processing and revocation status checking can be placed on servers and accessed as needed through programmed XML transactions.

XKMS could boost online security by merging the protections of digital certificates, public-key infrastructure and the graceful nature of the XML Web language, said Pete Lindstrom, a security analyst at Hurwitz Group Inc. in Framingham, Mass.

"Using XML for security . . . enables folks to bring security mainstream, along with the e-commerce functionality XML is bringing to the online world," he said.

He called the proposed standard "like SSL on steroids," referring to the Secure Sockets Layer encryption technology built into Web browsers.

Several online retail companies contacted by Computerworld wouldn't comment on whether they will consider incorporating XKMS into their Web sites. Spokeswomen at, CDnow Inc. and said their firms wouldn't discuss the technologies they use.

A review of the proposal could take 12 to 18 months before the standard could be adopted by the World Wide Web Consortium standards body. But because XKMS has been proposed by three of the biggest names in their respective businesses, its eventual adoption is likely, said Charles Kolodgy, an analyst at IDC in Framingham, Mass.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon