The use of emerging XML protocols for Web security is being explored by a newly-formed advisory committee of the Financial Services Technology Consortium, a Chicago-based industry group.
The FSTC's Security Standing Committee, co-chaired by Larry Hollowood of Bank of America and Jim Cowing of Certicom, recently held its initial telephone conference to discuss candidates for the committee's project work.
Twenty FSTC members participated in the call, representing financial institutions, technology companies and associations. Included were Bank of America, Capital One, Fidelity Investments, FleetBoston Financial, Mellon, JP Morgan Chase, and Wells Fargo.
Initial project ideas put forth by the co-chairs centered around XML protocols. The first proposed project called for side-by-side comparisons of emerging security XML protocols for cross-portal authentication. Potential projects could encompass proof of concept lab work and limited pilots to test vendor interoperability in a financial setting.
A second project up for discussion was validation and FSTC-endorsed feedback to emerging XML security standards work, and how the group might suggest areas for improvement.
FSTC comparison of emerging business models for cross-portal authentication, such as Microsoft Passport and Project Liberty, were also discussed. Use of portable authentication mechanisms was deemed to be of interest by several financial institutions in the discussion group.
The Security Standing Committee is just one of several standing committees set up at the association's meeting last February in Atlanta to share knowledge and initiate potential FSTC projects.
The committees provide an opportunity for cross-pollination of ideas, said Jim Salters, FSTC director of technology initiatives and project development. "It gives our members a chance to have an ongoing dialogue outside of our general meetings."
He added, "One of the key benefits to the industry and our members is providing a forum for our members to get together and talk about key issues they're facing and be able to go beyond just talk and actually solve those issues."
The association is pairing up financial institutions and technology vendors to co-chair each of the committees formed around specific topics, including security and infrastructure, payments, distribution channels, emerging technology, and business continuity.
Another FSTC project is exploring a prototype system for supplanting traditional wallets and purses with "personal intelligent communicating assistants"-devices that will be descendants of today's cell phones, PDAs and pagers, but with robust security capabilities designed in. Regulatory requirements governing financial transactions and privacy protections for consumer information will be directly addressed in this architecture.
The next step for the security committee will be to draft an outline of areas of focus and potential projects. "It's at the very early stages and nothing has been defined yet," said Salters. "The job of all of these standing committees is to get together as a group and define the agenda for the organization for the coming year in their particular areas and deciding what is appropriate for the FSTC forum."
At the association's fall meeting, standing committees will present white papers outlining projects important enough for FSTC members to consider undertaking. If enough members are willing to fund them, the projects will go forward. "It's kind of a self selecting process," said Salters. "Members vote with their feet and their pocketbooks."
The FSTC has high hopes for these new committees. "We have great leadership in place," Salters said. "We think it's a unique opportunity not just to talk, but take action. And that's the mantra we'll be sticking with for the next four or five months as we define white papers."