[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xcbf] Re: Biometric XML Standard (Web Services)
There is work just now started in this area in two OASIS TCs, the XML Common Biometric Format (XCBF) http://oasis-open.org/committees/xcbf/ TC and WSS, Web Services Security http://oasis-open.org/committees/wss/ TC. I've already begun work defining a web service for biometrics using WSDL and the XCBF schema. But the new WSS seeks to define a generic web services security mechanism. Since this topic involves the data integrity, data privacy and authentication of origin of biometrics information, it will likely be coordinated by the Security Joint Committee http://oasis-open.org/committees/security-jc/. XCBF provides a common XML format for both BioAPI 1.1 and the X9.84 Biometric Information Management and Security standard, currently being revised by X9F4. The latest X9.84 schema is available at http://asn-1.com/x984index.html. This revision, called X9.84:2002, has been adopted by the OASIS XCBF group as the schema for their XML markup, and tool kits are starting to emerge that support both compact binary encodings of X9.84 messages and the XML representations used in XCBF (http://asn-1.com/EncodeBiometricSyntaxSets.htm). XCBF provides a means of securing biometric information represented using XML. It provides a standard way to secure both X9.84 BiometricObjects and BioAPI BIR. This is done using XML versions of the familiar Cryptographic Message Syntax types used today for secure email. The X9.84:2002 revision adopts the XML cryptographic processing defined in XCBF, and both XCBF and X9.84:2002 fully align with the fields in BioAPI 1.1 BIR. Note that the BioAPI standard does not address many issues that are addressed in the X9.84/XCBF data security standards. It provides no mechanism or guidance for key management, no algorithm independent mechanism for the identification of cryptographic algorithms and associated parameters, and no means for the identification and use of public key certificates, to name just a few. In contrast, the X9.84 and XCBF standards provide all of this. Phil Griffin Jon Baer wrote: > Hello, > > I am kinda stuck @ what is the actual standard in regards to exchanging > fingerprint, images, voiceprints, etc over the web to interact with a > secure SOAP/XML-RPC based web service. It seems to me that there are > about 4 different things going on, anyone care to say which is the > leading edge? BioAPI1.1? > > Also it seems that part of HTTP basic authentication which would move > from user/pass based to biometric based would need to be rewritten into > part of the HTTP 1.1 protocol or be plug-in based and working with the > server correctly to authenticate, in which case I have seen items work > via a plug in on IE (ActiveX control), via the object tag but nothing in > a neutral fashion which would suggest if you wanted to biometrically > control certain webpage in an enterprise setting that you would need to > be uniform in your browser and server settings. Is this correct? > > Thanks. > > - Jon > > > ------------------------------------------------------------------- > The preceding was forwarded by the Biometric Consortium's Electronic > Discussion Group. Any opinions expressed here do not necessarily > reflect those of the Biometric Consortium. Further distribution > is prohibited. > > Problems and questions regarding this list should be sent to > BIOMETRICS-request@PEACH.EASE.LSOFT.COM. > > To remove your name from this list please send the command > "SIGNOFF BIOMETRICS" to <LISTSERV@PEACH.EASE.LSOFT.COM>. Please > do not send the "SIGNOFF BIOMETRICS" command to the BIOMETRICS list. > > To update membership information (new e-mail address etc.), please send > a message to <bailey@biometrics.org> providing the updated information. > ------------------------------------------------------------------- >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC