One of the larger and more ambitious of the consortia trying to bring order to technology standards has adopted a specification that it says will enhance security and reliability of electronic commerce.
The Open Group, an international body of more than 200 technology providers and users, including major banks, gave its nod to the Intel Corp. Common Data Security Architecture, known as CDSA 2.0.
The approach was backed by a group of companies including International Business Machines Corp., Netscape Communications Corp., the digital certification vendor Entrust Technologies Inc., Hewlett-Packard Co., and J.P. Morgan & Co.
Open Group said CDSA coherently addresses the need for cryptography and related security techniques while ensuring the interoperability that can foster usage and acceptance across different kinds of systems.
The group said electronic commerce is being hindered by public concerns about Internet safety and by widespread confusion over the wide array of available security measures.
"As a result, few companies are willing to commit any real value or mission-critical information to the Internet," the Cambridge, Mass.-based Open Group said in its CDSA announcement last week. "For this reason, e- commerce today is almost entirely restricted to low-value transactions such as the sale of books."
"Addressing both the real and perceived security issues associated with the Internet is a key requirement in the delivery of a ubiquitous, global infrastructure," said Joseph DeFeo, a former technology chief of Barclays Bank in London, who has been Open Group president and chief executive officer since September 1996.
"Fundamental to this goal is an industry-supported collection of standards, technologies, and products that deliver a recognized level of security and reliability," Mr. DeFeo said.
That essentially defines Open Group's core initiative, which it calls IT DialTone-a global information infrastructure that has the ubiquity and easy connectivity of the telephone network. Mr. DeFeo said CDSA is "a pivotal component" of IT DialTone.
CDSA, now an official Open Group standard, can be configured to work with any of what the organization termed the "bewildering range of laws and regulations regarding the use of cryptography." The framework encompasses data encryption, certificate management, trust policy management, the option of key recovery, and key and certificate lookup, storage, and retrieval.
"The ratification of CDSA is a turning point for secure e-business," said Kathy Kincaid, IBM's director of information technology security programs. "The industry can now provide the broad security solutions customers will seek as they look to exploit the business benefits of open networks."
The Open Group's backing "provides assurance that CDSA has been widely reviewed and accepted as the first extensible security solution for a common security platform," said Craig Kinnie, vice president and director of Intel Architecture Labs, where the spec originated.
Open Group was formed in 1996 from the merger of X/Open Company Ltd. and the Open Software Foundation.
