Biometric Identity Assurance Standardization in Web Services and SOA

Members of the OASIS international standards consortium are developing a standard for invoking biometrics-based identity assurance using Web services and service oriented architectures (SOA). The new OASIS Biometric Identity Assurance Services (BIAS) Integration Technical Committee will complement the efforts of the InterNational Committee for Information Technology Standards (INCITS), a standards development organization accredited by the American National Standards Institute (ANSI). Where INCITS is working to define the taxonomy of functions that form a framework for deploying identity assurance in the biometrics and security industries, OASIS will define the methods and bindings by which that framework can be used within XML-based transactional services. The two companion standards are expected to reference one another.

"We expect that the INCITS and OASIS initiatives will inform and improve on one another," noted Karen Higgenbottom, chair of the INCITS executive board, which also serves as ANSI's Technical Advisory Group for ISO/IEC Joint Technical Committee 1. "BIAS should significantly increase the opportunities for implementing biometric functions in XML-based systems. Likewise, current SOA methods for exchanging information and transactions data may provide useful parameters and patterns for the broader application of BIAS data in the security industry."

"Biometric systems are becoming more complex as they are integrated into larger identity management and credentialing systems," observed Catherine Tilton of Daon, chair of the OASIS BIAS Integration Technical Committee. "At the same time, there is a growing need for data sharing and reuse of resources and services within and across organizations. Today, custom built, proprietary solutions are the only option. The availability of a standard biometric services interface will allow systems to be implemented on an open architecture and provide users with greater choice in products and services."

"This project represents complementary development efforts between OASIS and INCITS, and we hope it will serve as a model for future collaboration," stated James Bryce Clark, director of standards development at OASIS. "It offers a compelling opportunity for existing SOA and XML security technologies to more broadly consume biometric technologies."

The new committee members foresee their work leveraging a variety of security, Web services, and SOA standards developed at OASIS, including WS-Security. In addition, vertical industry efforts that require secure identification and authentication may make use of the BIAS effort. It may also influence work produced by other standards bodies, biometrics research groups, SOA architects, vendors and users.

The OASIS BIAS Integration Technical Committee will operate under Royalty Free on Limited Terms mode, as defined by the OASIS Intellectual Property Rights Policy. Participation in the Committee remains open to all companies, non-profit groups, governments, and individuals. As with all OASIS projects, archives of the Committee's work will be accessible to both members and non-members, and OASIS will host an open mail list for public comment.