ETSI Takes Signatures to Task
The aim of the task force "is to provide interoperability between the various existing and emerging systems, and not to replace anything that already exists, whether proprietary or standardized," ETSI spokesperson Paul Reid tells Unstrung.
And the institute believes it can propose some useful standards before a de facto standard emerges. According to the "terms of reference" sent to members, "The great commonality between different existing m-signatures pilots (at architecture and service level) is a good sign for the possibility of fulfilling this work program, and defining successfully a common set of requirements and protocols."
Although the name "task force" conjures up images of a large rampaging team of specialists, this one will comprise just two folk, who will be chosen following a "call to the more than 900 ETSI members" for proposals, says Reid. Applications must be received by July 11.
The tiny task force will support the work already being done by another of the institute's groups, the ETSI Project M-Commerce (EP M-Comm), which has been "analyzing the business needs of users and content providers, and of banks and other payment organizations for the security of mobile systems" since late 2000. It will also work closely with other industry bodies already delving into this area, such as the GSM Association, the Open Mobile Alliance (OMA) (see Hey, Hey! We're the OMA!), and Radicchio, amongst others.
Perhaps sensing the imperative for collaboration in m-commerce circles, some pretty tight deadlines have been set for the dynamic duo to come up with concrete developments that will help promote standards-based authentication technology for mobile commerce. The aim is to have the task force members start work in September and be finished by April next year. That's not long to establish models for interoperability, specify a common protocol between the "signature proxy" and service provider, define security requirements, and set out how roaming can be achieved. Wow! Hope they don't have any Christmas plans!
The need for speed is quite important, as the industry already faces the "imminent launch of a number of m-signature systems by different operators," according to ETSI.
ETSI at least realizes that the ability to authenticate a user's identity is key to mobile commerce development -- and that a swath of proprietary technologies will not help matters. One of its stated aims is to "avoid a proliferation of de facto standards." Without some standards, "the use of mobiles for signature, particularly for sensitive applications like payment or ticketing, could be severely limited." No kidding.
Reid is confident the results will be taken seriously and used by the mobile world at large: "The industry is supporting the work of ETSI's M-Comm project. However, almost everything ETSI produces is for voluntary application, so there can never be a 100 percent guarantee that any piece of ETSI work will be taken up."
— Ray Le Maistre, European Editor, Unstrung