Welcome to IDtrust XML.org.

This is the official community gathering place and information resource for identity and trusted infrastructure standards. The site is hosted by the OASIS IDtrust Member Section, a group that encourages new participation from developers and users. This is an open, vendor-neutral community-driven site, and the public is encouraged to contribute content.

New $2B Dutch Transport Card is Insecure

The new Dutch transit card system, on which $2 billion has been spent, was recently shown by researchers to be insecure. Three attacks have been announced by separate research groups. Let’s look at what went wrong and why.

Read the rest of the story at Ed Felten's blog at http://www.freedom-to-tinker.com/?p=1250.

Can Mid-Market Merchants Comply with PCI Standards In Time?

If you want to transact business with credit cards, you have to follow the rules: the payment card industry security standards. Companies that don't comply face fines or worse. So why aren't more mid-market merchants already in compliance?

By Michael Jackman, CIO Magazine, January 15, 2008

StrongAuth submits DRAFT 2 of SKSML protocol to OASIS

StrongAuth, Inc., the creators of StrongKey™, the first open-source Symmetric Key Management System (SKMS), has submitted a new version of the Symmetric Key Services Markup Language (SKSML) to the OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee.

EKMI at OASIS Open Standards 2008 Symposium - April 28 - May 1, 2008 - Santa Clara, CA

As the internet continues to become more hostile and Information Technology infrastructure comes under contractual and government regulation (RIPA, PCI-DSS, PCSA, HIPAA, FISMA), SOA-based applications will need to address issues of data security, privacy and accessibility in better ways than traditional architectures have dealt with them.

Encryption of data is the last bastion of defense.

Identity Protection Factor (IPF) - March 4-6, 2008 - Gaithersburg, MD

Since the dawn of computing, operating systems and applications have used many schemes to identify and authenticate entities accessing resources within computers. While the technologies and schemes have varied, there appears to have been little attempt to classify them based on their ability to resist attacks from unauthorized entities.
