Secure XML Standard Defined for E-Commerce

Backed by some very diverse names, Netegrity announced plans on Wednesday to develop an XML-based standard to secure e-commerce transactions.

Called Security Services Markup Language (S2ML), the standard seeks to build a common vocabulary for sharing user information and transactions -- and encourage single-sign-on -- across multiple platform b-to-b (business-to-business) portal and b-to-c (business-to-consumer) environments, Bill Bartow, vice-president of marketing at Waltham, Mass.-based Netegrity, said.

S2ML will be submitted to the World Wide Web Consortium (W3C) and OASIS (Organization for the Advancement of Structured Information Standards) for examination by Dec. 15, Bartow said.

Authors engaged in the S2ML specification include Bowstreet Software Inc., Commerce One Inc., Jamcracker Inc., Sun Microsystems, VeriSign and webMethods Reviewers of the definition are Art Technology Group, PricewaterhouseCoopers LLP and Tibco Software.

By recruiting representatives of the Java platform space, security, b-to-b, and managed services arena to collaborate on the new standard's design, S2ML will pay wide-reaching open standard dividends by being built directly into products, said John Pescatore, vice-president and research director at Stamford, Conn.-based Gartner Group.

"[Many clients] have a set of totally different rules, security rules, and business rules, trying to do the same thing in two different languages with no connection between them," Pescatore said. "XML seems a likely way to make a bridge between these two languages."

Pescatore said S2ML will be highly visible in "hub and spoke" distributor type sites, citing Exxon-Mobil or General Electric as examples of managing internal and distribution sites without needing proprietary language to share privileges and access rights information between disparate systems.

He said it bears watching how some of the bigger guns on the market react to the new standard. "There will be many competing approaches. The big guys ... haven't weighed in yet. They can really torpedo things and freeze anybody from moving on to this."

S2ML defines standard XML schemas and XML request/response protocol for authentication and authorization through XML documents, according to Bartow. The standard will support HTTP and SOAP (Simple Object Access Protocol) and b-to-b messaging frameworks including ebXML.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Art Technology GroupBowstreetCommerce OneGartnerGartnerGeneral ElectricJamcrackerNetegrityOrganization for the Advancement of Structured Information StandardsPricewaterhouseCoopersPricewaterhouseCoopersSun MicrosystemsTibcoTibco Software AustraliaVeriSign AustraliaW3CWebMethods AustraliaWorld Wide Web Consortium

Show Comments