Group seeks standard for secure online trading

A group of high-tech software companies, led by B2B security software vendor Netegrity Inc., this week announced an initiative to develop an XML-based standard for ensuring security in online trading.

The focus of Security Services Markup Language, or S2ML, is to create a single open standard for security data -- particularly customer authentication, authorization and entitlement, or privileges -- through XML documents.

It's the second time in less than a week that an e-commerce security application vendor has proposed developing such a standard. Last Friday, Securant Technologies Inc. of San Francisco announced an industry working group to create AuthXML, another XML-based standard for Web security.

The objectives of both initiatives are the same: to develop a standard way of identifying and authenticating customers as they move across trading partner Web sites and online exchanges.

It would be good for businesses, which would be able to keep track of key customers and trading partners as they move through various Web sites. For customers, it would mean having secure access to multiple e-marketplaces and Web sites through a single sign-on.

Concierge or armed escort?

"It allows a business to act as a personal concierge -- or, in a more dangerous world, an armed escort," said Peter Lindstrom, senior analyst at the Hurwitz Group in Philadelphia. "It creates a singular user experience through a single Web site."

Joining Netegrity, of Waltham, Mass., in its announcement were several heavy hitters in the B2B arena, including Commerce One Inc., Sun Microsystems Inc., Oracle Corp. and webMethods Inc. Others signing up included Bowstreet Inc., Jamcracker Inc. and VeriSign Inc.

Security traditionally has been an issue within an enterprise. However, with more business being conducted over the Internet between enterprises and e-marketplaces, businesses must find a way to enable customers to easily travel across various sites.

"We are developing a standard and open way to discuss security among trading partners," said Chuck Shih, vice president of MarketSite product strategy at Commerce One, during the press conference announcing the initiative.

S2ML will be open and work with multiple XML (eXtensible Markup Language) document exchange protocols and frameworks such as SOAP, Microsoft Corp.'s Biztalk and ebXML (Electronic Business XML). ebXML is being developed by OASIS (the Organization for the Advancement of Structured Information Standards) and the United Nations body for Trade Facilitation and Electronic Business.

The companies involved in developing S2ML expect to submit an early specification to the World Wide Web Consortium and other standards bodies for consideration within the next 30 days.

Other companies also are being invited to join the S2ML initiative. Although Netegrity executives said a key difference between their project and that of Securant was the presence of other companies, Lindstrom, the Hurwitz analyst, said he expects companies to quickly join Securant's effort as well.