(PRWEB) November 06, 2014
Financial services companies, software providers, government agencies, and academics are coming together at the OASIS open standards consortium to define a server-based, biometric identity standard that will address online transaction uncertainties. The work of the new OASIS Identity-Based Attestation and Open Exchange Protocol Specification (IBOPS) Technical Committee will enable identity assertion, role gathering, multi-level access control, assurance, and auditing.
The essence of IBOPS is a departure from the traditional way of storing and accessing information. IBOPS will require indexes to critical data--not the data itself--to be stored in back-end servers. The indexes will be linked to biometric identities not on the server, so even if a breach occurs, hackers do not gain bulk access to sensitive data.
“IBOPS will apply to all data, not just biometrics,” said Scott Streit of Villanova University who co-chairs the OASIS IBOPS Technical Committee. “The architecture will be language-neutral, allowing REST, JSON, and Secure Socket Layers to provide the communication interface. IBOPs will be built on the servlet specification, open secure socket layers, Java, JSON, REST, and Apache Solr.”
The IBOPS Technical Committee may also develop interoperability profiles for FIDO (Fast IDentity Online), OpenID Connect, OAuth, the OASIS Trust Elevation Protocol, and SAML (Security Assertion Markup Language).
“With so many biometrics-based solutions emerging today – some effective, some not so much – there is truly a need for this standard,” said Hector Hoyos, CEO of Hoyos Labs. “Hoyos Labs is pleased to have contributed the comprehensive framework of BOPS to OASIS; we believe that if solutions adhere to this standard, it will increase security, efficiency and convenience for consumers and organizations alike. It will enable interoperability of biometrics-based identity assertion solutions, which until now has been non-existent."
New members are encouraged to join the OASIS IBOPS Technical Committee at any time. Archives of the work are accessible to both members and non-members, and OASIS invites public review and comment on the work.
OASIS is a non-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for security, privacy, cloud computing, content technologies, M2M, IoT, and other areas. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users, and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 65+ countries.