In response to greater demand for Internet security, the Open Group, an organisation created by the merger of X/Open and the Open Software Foundation, has released the first in a series of security standards.
The baseline security specification defines a consistent set of default security functions across different platforms. A secure communications services specification defines a set of secure associations for applications that need to communicate over heterogeneous networks. The communications specification provides a way for applications to authenticate one another and protect the data that flows between them.
"This isn't the high-level security that might be required by governments and military organisations," says Dean Adams, the Open Group's manager of security and electronic commerce. "This is commercial-grade security that has been defined by 150 companies around the world."
Analysts say the specifications are needed but note the lack of crucial vendor support.
"One would think it advantageous to have Internet security standards set by an open body," says Ira Machefsky, an analyst with Giga Information Group, in Santa Clara, California. "But Microsoft isn't participating, so you have to wonder if anyone is going to care what the Open Group does."
The Open Group has lined up support from IBM, Sun and Hewlett-Packard and the secure communications specification is already being deployed in Distributed Computing Environment, Version 1.1, and in Oracle's Network Services.
The Open Group plans to address single sign-on, Internet firewalls, cryptography, distributed auditing, and backup and restoration in future security specifications, Adams says.
"We are confident that this will be a huge success," Adams says. "We define the standards and operate a branding programme to enforce compliance."
The Open Group brand costs US$45,000.