There are no losers in the merger of competing XML security standards proposals, according to analysts and backers...
of the efforts. The winners will be users who are clamoring for a secure method of conducting business-to-business transactions on the Web, they say.
Earlier this year, both Securant Technologies and Netegrity proposed XML-based standards for AuthXML and S2ML, respectively. Both groups had high-profile backers and partners for their efforts. Now the two will become one with the news this week that Securant's AuthXML group has decided to join the OASIS technical committee that was formed to work on the S2ML standard.
"I think we'll see both camps unite to avoid the mess that happened in PKI and in financial services standards. OASIS will be the one that unites both camps," said Uttam M. Narsu, a Giga Information Group analyst. "Since many AuthXML supporters are also OASIS members, expect them to have input. We'll see a single standard, probably by mid-2001.
Officials from both companies reject implications that one standard has "beat" the other. Neither has been submitted for approval to Organization for the Advancement of Structured Information Standards (OASIS), a consortium that maintains XML standards.
Both proposed standards have heavy-hitting support. S2ML's backers include Sun Microsystems, VeriSign, webMethods and Commerce One. AuthXML counted Check Point Software, Citrix and Equifax in its camp.
S2ML, or Security Services Markup Language, grew out of work Waltham, Mass.-based Netegrity was doing to make secured transmissions for Web sites. The company came up with a set of tags that could be used and thought others may be interested in them, said Marc Chanliau, the company's senior product manager.
A security standard will allow companies to focus on their business.
"Companies like Commerce One are already doing this but in a propriety way," Chanliau said. "But Commerce One is not in the security business. It doesn't want to spend its time doing it."
Securant took a similar tact with AuthXML. In May, the company's customers started asking for a way to pass session data across systems. Securant researched the issue and found XML was the way to do it, said Britta Glade, the San Francisco-based company's director of marketing.
"The standard would enable new types of online transactions," said Darren Platt, Securant's principal technical evangelist. "Companies would be able to enact partnering relationships without having to do a custom coding."
The standard would use the descriptive power of XML in concert with digital signatures for validation purposes, Platt said.
Come Jan. 9, when the technical committee first meets, Netegrity, Securant and their backers won't be alone. Others will bring ideas to the table. Chanliau said S2ML as they know it now will likely not be the final version submitted for OASIS approval. Subgroups of the committee will handle specific parts for such things as SOAP-binding and digital signature.
By contrast, Glade said they see AuthXML and S2ML as complementary in many ways, though some parts do overlap. The ultimate goal is not to get AuthXML as the standard but to get a single, usable standard, she said.
"We hope to have version 1 of whatever it's going to be called ready for submission in June," Chanliau said, noting the approval could take as little as three months. He does expect some spirited discussions over the specifics of the standard but he saw that working with the partners on S2ML. "But we will have a specific standard at the end of the day," he said.
FOR MORE INFORMATION: