Committee Aims To Boost E-Commerce Biometrics

E-business standards consortium OASIS on Thursday announced it has formed a committee to specify a standard way to use XML (extensible markup language) in biometrics for e-commerce and other applications.

"Biometrics, in essence 'what you are,' are destined to replace 'what you know' items such as PIN numbers, and to augment 'what you have' forms of identification such as cards," committee chair Phillip Griffin said.

The new specification, called the XML Common Biometric Format (XCBF), will describe information that verifies identity based on human characteristics, such as DNA, fingerprints, iris scans and hand geometry.

It will be used in biometric applications that facilitate authorization processes in e-commerce, measure attendance and control online document access.

Ready or Not?

OASIS is one of many organizations dealing in biometrics, but the average consumer may not be ready for usable implementations, according to some analysts.

"September 11th drove this idea high onto the public's radar," GartnerG2 analyst Laura Behrens told the E-Commerce Times. "The concept is very appealing, but consumers are not ready for biometrics at its current state of the art or at current deployment conditions."

Cost Barrier

The problem, Behrens said, is that implementation costs for biometric applications are prohibitively high.

"The costs will not come down to the point of ubiquity in the near term," she said. "The technology is not deployed widely enough to enjoy economies of scale."

Even in current systems that work only tolerably, she added, per-user costs can reach US$100, and expenses skyrocket for more sophisticated systems like iris scans.

Work in Progress

What is more, execution details are still largely undefined, according to analysts. A variety of housing devices for biometrics are still in the experimental stage, including smart cards, key chains and implanted computer chips.

"Any one authentication solution is not a perfect panacea," Behrens said.

Passwords and PIN numbers are enough for many applications, she added, but biometric authentication could play a role in e-commerce arenas that require higher security, such as prescription medication.

Boosting Biometrics

Toward this end, the committee's goal is to improve upon current conditions and to streamline the online transmittal of biometric data.

"The message syntax for transferring information across the Internet seems to be focused on XML-based dialects, and biometric information is no different in this respect," said Jeff Stapleton of ANSI (American National Standards Institute).

The committee's charter is to define a set of XML encodings for the Common Biometric Exchange File Format (CBEFF) -- drafted by ANSI and managed by the National Institute of Standards Technology (NIST). The CBEFF format describes data elements that are necessary to support biometric technologies in a standard way.

Participation in the OASIS committee remains open to all organizations and individuals interested in advancing a standard XML schema for biometrics. The committee's completed work will be available to the public without licensing fees.