November 7, 2014 -
OASIS, a standards consortium that drives the development, convergence and adoption of open standards in a variety of technologies, has launched a new committee to define a server-based, biometric identity standard that will address security issues in online transactions.
OASIS’s new Technical Committee on the Identity-Based Attestation and Open Exchange Protocol Specification (or “IBOPS”) will be working on producing an end-to-end specification describing the standards necessary to perform server-based enhanced biometric security.
The IBOPS approach to storing and accessing information requires indexes of biometric identities to be stored on back-end servers, but not the actual biometric data, which is safely stored elsewhere. This means that even if a server breach occurs, hackers do not gain bulk access to sensitive data.
Hoyos Labs, Intel, Red Hat, the U.S. Information Sharing Environment, the U.S. Department of Defense, and Villanova University are among the IBOPS committee’s charter members.
OASIS IBOPS Technical Committee co-chair and Villanova University professor Scott Streit noted that IBOPS also applies to data applications beyond biometrics. “The architecture will be language-neutral, allowing REST, JSON, and Secure Socket Layers to provide the communication interface. IBOPs will be built on the servlet specification, open secure socket layers, Java, JSON, REST, and Apache Solr,” he said in a statement.
The IBOPS Technical Committee could also develop interoperability profiles for FIDO, OpenID Connect, OAuth, the OASIS Trust Elevation Protocol, and SAML.
Hoyos Labs CEO Hector Hoyos said that the IBOPS standard will “enable interoperability of biometrics-based identity assertion solutions, which until now has been non-existent.”
New members can join the OASIS IBOPS Technical Committee at any time. Archives of the work are accessible to both members and non-members and OASIS invites public review and comment.