Organization for the Advancement of Structured Information Standards (OASIS) consortium members on Thursday set about to build standards to enable trusted and simplified digital signature processing for Web services environments by forming a new OASIS Digital Signature Services Technical Committee.
The new OASIS group will work to develop open XML protocols to centrally control, pass along, and validate digital signatures and provide cryptographic time-stamping services as well as to ensure a presented signature was created within its private key validity timeframe, said Robert Zuccherato, chair of the newly formed OASIS committee.
"We saw a need for standards dealing with signature processing. The W3C has done a lot of good work of defining syntax of XML signatures and a lot of management around that, but actual signature processing, creating or verifying signatures, pass and validation around that is a hard problem to solve," said Zuccherato, a research scientist at Dallas-based Entrust Inc.
He said the OASIS Digital Services Technical Committee hopes to have the complete work on the new standard within a year. The group's first meeting is scheduled for Dec. 2, and application for membership is still open.
Companies signed to the Web services digital signature crusade so far include Entrust, Tibco Software Inc., VeriSign Inc., WebMethods Inc., Iona Technologies PLC, and National Institute of Standards and Technology (NIST), among others.
It is possible that the fledgling standard could be impacted by other evolving OASIS Web services standard initiatives, such as SAML (Secure Access Markup Language) and WS-Security, Zuccherato added.