OASIS group forms to tackle digital signature quagmire

ORGANIZATION FOR THE Advancement of Structured Information Standards (OASIS) consortium members on Thursday set about to build standards to enable trusted and simplified digital signature processing for Web services environments by forming a new OASIS Digital Signature Services Technical Committee.

Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft Free IT resource Attend the SOA Executive Forum: Breaking SOA Bottlenecks SOAExecForum.com/may2007 Sponsored by InfoWorld

The new OASIS group will work to develop open XML protocols to centrally control, pass along, and validate digital signatures and provide cryptographic time-stamping services as well as to ensure a presented signature was created within its private key validity timeframe, said Robert Zuccherato, chair of the newly formed OASIS committee.

"We saw a need for standards dealing with signature processing. The W3C has done a lot of good work of defining syntax of XML signatures and a lot of management around that, but actual signature processing, creating or verifying signatures, pass and validation around that is a hard problem to solve," said Zuccherato, a research scientist at Dallas-based Entrust.

He said the OASIS Digital Services Technical Committee hopes to have the complete work on the new standard within a year. The group's first meeting is scheduled for Dec. 2, and application for membership is still open.

Companies signed to the Web services digital signature crusade so far include Entrust, Tibco Software, VeriSign, WebMethods, Iona, and NIST, among others.

It is possible that the fledgling standard could be impacted by other evolving OASIS Web services standard initiatives, such as SAML (Secure Access Markup Language) and WS-Security, Zuccherato added.