OSE extends integration of physical, cyber security management through alliances, standards, best practices

At this week`s RSA Conference in San Francisco, the Open Security Exchange (OSE), a programme of the IEEE Industry Standards and Technology Organisation (ISTO), will announce the formation of a liaison with the Liberty Alliance that will help extend federated identity standards for wireless devices to include physical security. Additionally, the OSE will introduce a new white paper that outlines best practices for unifying the management of physical and cyber security with smart cards.

The OSE is a global organisation composed of key leaders in the fields of physical and cyber security, including Computer Associates, Gemplus, HID Corporation and Tyco Software House.

The OSE is announcing a liaison with the Liberty Alliance, the premier open standards organisation for federated identity and identity-based services. Federated identity allows users to link identity information between accounts without centrally storing personal information - meaning that users can be authenticated by one company or Web site and be recognised and delivered personalised content and services in other locations without having to re-authenticate or sign on with a separate username and password.

The OSE`s mission of integrating security management maps closely to the Liberty Alliance`s goals of enabling federated identities across all systems. The OSE/Liberty relationship will allow the two organisations to collaborate on creating standards and best practices to develop enhanced authentication methods for wireless, subscriber identity module (SIM)-based access to Liberty-enabled Web services.

Ultimately, this would allow unified SIM authentication for physical access control systems as well as network access, and increase a company`s ability to offer convenient single sign-on for mobile commerce payment systems.

"The OSE is firmly committed to supporting and contributing to the Liberty standards and Mobile Business guidelines," said Eric Maurice, executive director of the Open Security Exchange. "These guidelines complement the OSE`s efforts to promote security management by helping organisations address the challenges related to federated identity management across physical and cyber security infrastructures."

"Our alliance with the OSE will help Liberty Alliance to extend federated identity standards into the realm of physical security," said Michael Barrett, president of the Liberty Alliance and vice-president for privacy and security for American Express. "Liberty Alliance`s mission has always been to promote interoperability and federated identity across industries and across platforms. Together with OSE we can build federated identity into the wireless and physical security worlds.

Building on the consortium`s first initiative for increasing the convergence between the realms of physical and cyber security, as well as the initial specifications announced last year, the OSE today unveils a white paper, "Smart Card-Enabled Access Control Used in Logical and Physical Systems". The paper can be downloaded from the OSE`s Web site, www.opensecurityexchange.org.

The paper is a primer for companies planning to select smart cards for both logical and physical access, providing technical guidance and objective selection criteria that enable users to make educated choices among the standards available and the various products offered by vendors. This white paper will help end-users understand how smart cards can be used as credentials to control access to physical locations and IT systems, for authentication to network tools and specific business applications on a user-by-user basis.

Additionally, the paper outlines best practices related to the issuance of credentials and the provisioning of users and privileges across physical and IT systems.

"Security managers are faced with a daunting challenge in selecting smart card technologies, with multiple, often conflicting standards both for physical and cyber access control. It`s very cumbersome to compare technologies from key vendors," said Dave Hawkins, vice-chair of the Open Security Exchange`s Technical Working Group. "With this white paper, we will educate business planners about the various choices of technologies, the various standards and the existing options most likely to lead to fully interoperable solutions."

In addition to its four founders, Computer Associates, Gemplus, HID Corporation and Tyco Software House, the OSE`s current members include ActivCard, CoreStreet, Fargo, Siemens Building Technologies, Siemens Building Information and Communications Network Inc, and VistaScape.

Members of the media are encouraged to schedule individual briefings with OSE spokespeople or learn more during a reception on Wednesday, 25 February at Room 121 North at the Moscone Centre. The OSE will also be presenting a solutions showcase on Wednesday at 2.30pm on the RSA show floor.