IBM And Lotus Boost Industry Standards To Advance Secure Online Commerce

Free Software Source Code Available in August

AUSTIN, Texas, & CAMBRIDGE, Mass (July 28, 1998) – IBM and Lotus Development Corp. today announced they are donating industry-standard security software source code to the Internet community which can be used for making online commerce easier and more secure.
The security software is based on Internet standards defined by the Internet Engineering Task Force, the leading international standards organization for the development of the Internet. This will help unify the Internet community by enabling vendors to more easily adopt, develop and promote a standard way to secure any and all applications with digital certificates. With digital certificates, people can sign their names electronically, much like drivers’ licenses are used for identification.
The software source code, also known as a reference implementation, delivers on the IETF’s draft Public Key Infrastructure standards, commonly referred to as PKIX. PKIX provides the mechanism to issue, validate, revoke and renew digital certificates. The reference implementation will be available through the Massachusetts Institute of Technology’s Web site at the end of August.
“Internet software vendors and customers today face a major interoperability hurdle due to proprietary implementation of public key infrastructure, ” said Jeff Schiller, IETF Area Director and MIT Manager of Systems and Operations. “By developing and making the PKIX reference implementation code available to all, IBM and Lotus are enabling software vendors to develop products that interoperate and are giving customers the option to choose products that support cross-product and cross-vendor interoperability.”
“By providing the code at no charge, IBM is making it much easier for companies to adopt the PKIX standard…enabling them to securely link their customers, their remote offices and sites, their partners, their suppliers and vendors via the Internet,” said Jeff Jaffe, IBM General Manager of eNetwork Software and Security. “Internet software vendors now will be able to get encryption-based products to market faster, and users will be able to conduct business safely and securely online while reducing their costs.”
Systems and software vendors now may take advantage of the source code, or reference implementation, and no longer need to invent their own core technology or worry about interoperability of certificates. By selecting a product based on the emerging standards, customers will be able to deploy a single public key infrastructure for all of their security applications, reducing the total cost of ownership including deployment time and expense.
In addition to more than 20 organizations participating in authoring the PKIX standard, leading companies, associations and software vendors have lined up to support PKIX, including (see quotes attached): General Motors, JP Morgan, Netscape, Sun, International Computer Security Association, Security Dynamics, Inc., Intel, Equifax, and DASCOM.
Building on IBM’s leadership in promoting and delivering PKIX, IBM and Lotus intend to integrate this standard public key infrastructure throughout their products, including:
Applications, such as Lotus Notes and Lotus Domino;
Networking software, such as IBM eNetwork Firewall and IBM Global Sign-On;
IBM operating systems, such as AIX, OS/2, OS/400 and OS/390;
IBM’s newly announced digital certificate solution, IBM Vault Registry;
IBM SSL toolkits, which are used today in more than 20 products such as IBM Websphere* Application Server and eNetwork Host on Demand
In addition, Tivoli will provide management support for the standards-based digital certificate environment.
Services and Consulting
Continuing IBM and Lotus’ thrust with PKIX standards, customers in every part of the world can also take advantage of services and consulting support through IBM Global Services. IBM can help implement and deploy an architecture that supports an enterprise-wide PKI that all applications can use. IBM services offerings enable customers to develop their PKI policy, strategy and requirements definition. Planning, architecture and implementation services are also available to help customers effectively use PKI to enhance their business operations.
Availability
Available to the public and at no charge, the Public Key Infrastructure reference implementation can be downloaded from the World Wide Web on MIT’s Web site located at http://www.mit.edu at the end of August for Windows NT. A version of the reference implementation will be available for Sun Solaris by the end of the year. IBM plans to offer the complete reference implementation function plus additional enhancements on AIX in January 1999, and plans to support the PKIX standards in the OS/2, OS/400 and OS/390 environments. Distribution of other products incorporating the PKIX standard will be decided by the respective vendors of those products.

Source: IBM

Tags: IBM