OASIS creates new security standards body

Looking to create a common set of terms and components that could help speed the adoption of security standards in Web services, OASIS (the Organization for the Advancement of Structured Information Standards) will announce the formation of the Security Standards Joint Committee (SSJC) on May 14, a body that will include members of many of OASIS’ existing security committees.

OASIS, located in Billerica, Mass., is an organization devoted to the creation and promulgation of data exchange standards that use technologies such as XML (Extensible Markup Language) and Web services.

The Security Standards Joint Committee will be chaired by Darran Rolls, director of technology at Waveset Technologies Inc., which is a member of OASIS’ Provisioning Services Technical Committee, and Phil Griffin, the owner of Griffin Consulting and the chair of OASIS’ Common Biometric Format Technical Committee. The body will be made up of the chairs of OASIS’ Access Control Technical Committee, which develops the XACML (Extensible Access Control Markup Language) standard; the Provisioning Services Technical Committee; the Common Biometric Format Technical Committee, which is responsible for XCBF (XML Common Biometric Format); the Rights Language Technical Committee; and the Security Services Technical Committee, which handles SAML (Security Assertion Markup Language), Rolls said.

The SSJC “will try to instil consistency” across the standards bodies that make it up, creating common terms, components and syntax for the standards bodies to use if they so choose, he said. The SSJC will have no control over the individual groups, he added.

“We are looking to ensure consistency…common understanding, common terms” among the standards, he said. Such work is needed because “for adoption to happen, there (has) to be a clear, concise view” of the standards, he said.

“The potential of Web services will not be realized without security,” Rolls added.

The work of creating standards is important, Rolls said, because “standards provide the end user…an understanding that all of this stuff is going to fit together and work together, that you’re not buying in to a single vendor’s vision.”

“It shows that your vendor is committed to openness,” a value that brings its own rewards, he said, pointing to the success of products like the Apache Web server and Sendmail e-mail server, both open-source programs that power a large chunk of the Web.

Despite the possibility that the SSJC could create more bureaucracy that would slow down the creation and adoption of Web services, Rolls expects that the body will see smooth sailing.

“It’s in everybody’s interest for this to happen,” he said. “It should be a very, very cooperative exercise.”

The SSJC’s first meeting is June 13.