Backed by some very diverse names, Netegrity has announced its plans to develop an XML-based standard to secure e-commerce transactions.
Called Security Services Markup Language (S2ML), the standard seeks to build a common vocabulary for sharing user information and transactions, and encourage single-sign-on across multiple platform business-to-business (B2B) portal and business-to-consumer (B2C) environments.
Bill Bartow, vice president of marketing at Netegrity, said S2ML will be submitted to the World Wide Web Consortium (W3C) and Organisation for the Advancement of Structured Information Standards (OASIS) for examination by December 15.
Authors engaged in the S2ML specification include Bowstreet Software, Commerce One, Jamcracker, Sun Microsystems, VeriSign and webMethods. Reviewers of the definition are Art Technology Group, PricewaterhouseCoopers and Tibco Software.
By recruiting representatives of the Java platform space, security, B2B and managed services arena to collaborate on the new standard's design, S2ML will pay wide-reaching open standard dividends by being built directly into products, said John Pescatore, vice president and research director at Gartner Group.
"[Many clients] have a set of totally different rules, security rules and business rules, trying to do the same thing in two different languages with no connection between them," Pescatore said. "XML seems a likely way to make a bridge between these two languages."
Pescatore said S2ML will be highly visible in "hub and spoke" distributor type sites, citing Exxon-Mobil or General Electric as examples of managing internal and distribution sites without needing proprietary language to share privileges and access rights information between disparate systems.
He said it bears watching how some of the bigger guns on the market react to the new standard. "There will be many competing approaches. The big guys . . . haven't weighed in yet. They can really torpedo things and freeze anybody from moving on to this."
S2ML defines standard XML schemas and XML request/response protocol for authentication and authorisation through XML documents, according to Bartow. The standard will support HTTP and simple object access protocol (SOAP), and B2B messaging frameworks including ebXML.