OASIS Develops SOA-Based Identity Assurance Standards
Members of the OASIS international standards consortium are developing a standard for invoking biometrics-based identity assurance using Web services and service oriented architectures (SOA). The new OASIS Biometric Identity Assurance Services (BIAS) Integration Technical Committee will complement the efforts of the InterNational Committee for Information Technology Standards (INCITS), a standards development organization accredited by the American National Standards Institute (ANSI).
Where INCITS is working to define the taxonomy of functions that form a framework for deploying identity assurance in the biometrics and security industries, OASIS will define the methods and bindings by which that framework can be used within XML-based transactional services. The two companion standards are expected to reference one another.
"We expect that the INCITS and OASIS initiatives will inform and improve on one
another," noted Karen Higgenbottom, chair of the INCITS executive board, which
also serves as ANSI's Technical Advisory Group for ISO/IEC Joint Technical
Committee 1. "BIAS should significantly increase the opportunities for
implementing biometric functions in XML-based systems. Likewise, current SOA
methods for exchanging information and transactions data may provide useful
parameters and patterns for the broader application of BIAS data in the
"Biometric systems are becoming more complex as they are integrated into larger
identity management and credentialing systems," observed Catherine Tilton of
Daon, chair of the OASIS BIAS Integration Technical Committee. "At the same
time, there is a growing need for data sharing and reuse of resources and
services within and across organizations. Today, custom built, proprietary
solutions are the only option. The availability of a standard biometric
services interface will allow systems to be implemented on an open architecture
and provide users with greater choice in products and services."
"This project represents complementary development efforts between OASIS and
INCITS, and we hope it will serve as a model for future collaboration," stated
James Bryce Clark, director of standards development at OASIS. "It offers a
compelling opportunity for existing SOA and XML security technologies to more
broadly consume biometric technologies."
The new committee members foresee their work leveraging a variety of security,
Web services, and SOA standards developed at OASIS, including WS-Security. In
addition, vertical industry efforts that require secure identification and
authentication may make use of the BIAS effort. It may also influence work
produced by other standards bodies, biometrics research groups, SOA architects,
vendors and users.
The OASIS BIAS Integration Technical Committee will operate under Royalty Free
on Limited Terms mode, as defined by the OASIS Intellectual Property Rights
Policy. Participation in the Committee remains open to all companies,
non-profit groups, governments, and individuals. As with all OASIS projects,
archives of the Committee's work will be accessible to both members and
non-members, and OASIS will host an open mail list for public comment.