Security jitters stunting the growth of electronic commerce should be calmed considerably by the future fruits of an IBM/Lotus Development move to seed the marketplace with free digital certificate source code.
That is the assessment of corporate customers and industry experts who heard IBM/Lotus announce the giveaway at this week's Catalyst Conference '98 in Colorado Springs, Colorado. The conference, sponsored by The Burton Group consultancy and the Network Applications Consortium, also featured product and partnership announcements from Netscape, VeriSign, Microsoft and Isocor.
IBM/Lotus by the end of the month will make available a reference implementation of a pending IETF standard called Open Public Key Infrastructure, commonly known as PKIX. The standard defines how products issue, validate, revoke and renew digital certificates, which are used to assure the security of Internet transactions and messages.
Standards-based PKIs are considered a crucial step toward building corporate and consumer confidence in the security and reliability of Internet commerce. IBM/Lotus executives expressed hope that the code release will allow other software vendors to easily and quickly produce interoperable PKI-compliant products.
The PKIX reference implementation will be posted to a Web site hosted by the Massachusetts Institute of Technology. The technology will also be integrated into Lotus’ Domino 5.0 server, which is expected to ship later this year.
The IBM/Lotus initiative met with widespread approval at this week's conference, which was focused on the future of networking infrastructure.
"It will accelerate progress toward getting lots of these (PKIX) implementations from different vendors," says Phil Schacter, an analyst with The Burton Group. "This is going to take away roadblocks (to widespread PKI adoption) and IBM is probably going to do quite well out of it."
According to Schacter, however, "dissension in the PKIX community about the best way to do certain things" is likely to present implementation challenges for vendors that may slow widespread use of the technology.
"We're probably not going to see commercial products until maybe the second half of next year and those are going to need a while to mature before people will rely on them to do all of their extranet work," Schacter says.
Netscape Communications and VeriSign announced an expansion of their PKI-related dealings that will, among other things, allow Netscape Certificate Server users to issue and manage digital certificates within the VeriSign Trust Network, a collection of Certificate Authorities. The arrangement will make PKI deployment more practical by giving corporations hands-on control over their own Certificate Authorities, the companies said.
Microsoft reported it has lined up a number of application vendors that will be integrating their products with the software giant's upcoming Active Directory in Windows NT 5.0. Among those signed on are: J.D. Edwards, Baan, SAP, 3Com, Documentum, PC Docs, Entrust Technologies, Compuware and Isocor.
Isocor, meanwhile, announced a new family of metadirectory products called MetaConnect.