[announce] OASIS to Develop Digital Signature and TimestampingProtocols

[Carol Geyer <carol.geyer@oasis-open.org>]

OASIS Members Work to Develop Digital Signature and Timestamping
Protocols

Entrust, IONA, NIST, webMethods, TIBCO, Verisign, and Others Collaborate
on Security Standard to Accelerate Web Services Deployment

Boston, MA, USA; 24 October 2002 - Members of the OASIS standards
consortium have formed a technical committee to develop open XML
protocols for digital signature and cryptographic timestamping services
operating in a Web services context. The work of the new OASIS Digital
Signature Services Technical Committee will enable Web services to
produce and verify digital signatures and provide techniques for proving
that a given signature was created within its private key validity
period.

"Digital signatures and timestamping provide the long-term integrity and
accountability that's necessary for online business transactions," said
Robert Zuccherato of Entrust, chair of the OASIS Digital Signature
Services Technical Committee. "Our work at OASIS will allow
organizations to determine the parties involved in a transaction and the
specific moment in time when a transaction occurred, with the assurance
that the transaction has not been altered since it was digitally signed.
These are all essential attributes of important business transactions."

Industry analyst, Phil Schacter, VP of Directory and Security Strategies
for the Burton Group, agrees, "Commerce between companies and supply
chains requires timestamping and signing services from trusted sources
to support non-repudiation for high value business transactions. OASIS
provides an open standards forum to advance this important aspect of
securing Web services."

The work of the OASIS Digital Signature Services Technical Committee
complements several Web services security standards currently being
developed within OASIS including XACML for access control, SAML for
authentication and authorization, and WS-Security for secure Web
services. Specifications developed within the World Wide Web Consortium
(W3C), including XML Signature and XML Key Management, are also related
to this new effort.

"This new OASIS technical committee will build on the foundational work
that the W3C has accomplished in the area of digital signatures,"
explained Karl Best, director of technical operations for OASIS.
"Maintaining active liaisons with other initiatives--both internal and
external to OASIS--will ensure that the output of this committee will
fit well within the 'big picture' of security standards."

Participation in the OASIS Digital Signature Services Technical
Committee remains open to all organizations and individuals. OASIS will
host an open mail list for public comment, and completed work will be
freely available to the public without licensing or other fees.
Information on joining OASIS can be found on
http://www.oasis-open.org/join.


Industry Support for OASIS Digital Signature Services

"As a sponsor member of OASIS, we are excited about this new technical
work, which we feel is essential to the development of Web services
security," said Bill Conner, chairman, president and CEO of Entrust. "We
view open, interoperable digital signature and timestamping services as
critical components of our recently announced Entrust Secure Transaction
Platform."

"Security is one of the major remaining obstacles to the wide-spread
adoption of Web services for enterprise integration." said Eric
Newcomer, CTO at IONA.  "We are always pleased to see open standards
activities make progress on key aspects such as the document
confidentiality protection that digital signature services will provide,
and are looking forward to working with our fellow members to improve
Web services security and promote interoperability."

"As a company dedicated to delivering robust business integration
solutions, Web services represents a critical component in our
integration strategy," said Don Adams, principal security architect at
TIBCO Software, Inc.  "The OASIS Digital Signature Services Technical
Committee will develop standards to deliver the interoperability
necessary to meet our customers' demanding requirements. Security is a
critical and necessary component to realize the promise of Web services.
TIBCO is committed to participation in this important standards effort
and to the adoption of standards emerging from OASIS."

"This proposal underscores the industry's efforts to build trust and
security into the fabric of Web services infrastructure, which VeriSign
considers to be a key hurdle on the road to widespread adoption," said
Dr. Phillip Hallam-Baker, principal scientist and Web Services Security
Architect for VeriSign, Inc. "Digital signature technology will play a
critical role in helping enterprises deploy trusted Web Services, and
VeriSign is fully behind this latest effort by OASIS."

"Web services have become an important component in many companies'
integration strategies, and as Web services proliferate, security must
not be ignored," said Jeremy Epstein, director of product security for
webMethods.  "We believe the standards emanating from the work of the
OASIS Digital Signature Services Technical Committee will play an
important role in providing companies with the comfort level they need
to promote the mass adoption of Web services."

About OASIS (http://www.oasis-open.org)

OASIS (Organization for the Advancement of Structured Information
Standards) is a not-for-profit, global consortium that drives the
development, convergence, and adoption of e-business standards. Members
themselves set the OASIS technical agenda, using a lightweight, open
process expressly designed to promote industry consensus and unite
disparate efforts. OASIS produces worldwide standards for security, Web
services, XML conformance, business transactions, electronic publishing,
topic maps and interoperability within and between marketplaces. OASIS
has more than 500 corporate and individual members in 100 countries
around the world.


For more information:

Carol Geyer
Director of Communications
OASIS (www.oasis-open.org)
carol.geyer@oasis-open.org
+1.978.667.5115 x209