Netegrity, Inc. announced that it is working with a group of companies to define a standard for enabling secure e-commerce transactions using XML called Security Services Markup Language (S2ML), that will create a common language for sharing security information about transactions and end users between companies engaged in online B2B and B2B2C transactions. Authors of the S2ML specification are Bowstreet, Commerce One, Jamcracker, Netegrity, Sun Microsystems, VeriSign, and webMethods. Reviewers of the specification include Art Technology Group, Oracle, PricewaterhouseCoopers, and TIBCO. Traditionally, security has been implemented within a single enterprise. However, companies are now conducting inter-company business using the Web, which has expanded the scope and range of their e-commerce transactions. For example, in the B2B industry companies now use a number of different e-marketplaces to purchase a broad range of supplies and products. Each of these marketplaces may have different proprietary authentication and authorization solutions, which makes interoperability across marketplaces difficult if not impossible. In B2B2C commerce, users often are involved in business transactions that span several different company Web sites that have joined forces to create an affiliate network of services. In this case, users are forced to log on multiple times and re-start their transactions. The business transactions in both of these markets must span multiple companies, multiple Web sites, and multiple marketplaces that have their own unique and heterogeneous set of platforms and e-commerce infrastructure components. S2ML is intended to solve these problems by helping to unify access control methods through an open, standards-based framework for the next generation of secure e-commerce transactions. The S2ML specification addresses three main areas of security services: authentication, authorization, and entitlement/privilege. S2ML defines standard XML schemas, as well as an XML request/response protocol, for describing authentication and authorization services through XML documents. S2ML also will provide specific bindings for various protocols such as HTTP and SOAP and B2B messaging frameworks such as ebXML. The S2ML effort is an open industry initiative in which any organization can participate and implement the specifications. The vendors behind the S2ML initiative plan to submit the S2ML 0.8 specification to the W3C and OASIS for consideration within the next 30 days. www.S2ML.org, www.netegrity.com

Share