User Group Forming to Further Develop and Standardize the Black Forest Group's e-Commerce
Security Framework
Framework to allow corporations to conduct secure
and auditable B2B e-commerce over the Internet
ANAHEIM, Calif., WebSec 2001, August 8, 2001 - InfoCore, an information technology (IT)
security consulting company, today announced it has been asked by several global companies to facilitate
the formation of a user group of which these firms would become guiding members. Initially, the user
group will collaborate to gain low-cost insurance of digital certificates for use in business-to-business
(B2B) e-commerce Internet transactions and value-laden exchanges.
This activity extends a framework, based on work already completed by the Black Forest Group, an international
consortium of IT professionals representing some of the largest corporations in the world. It will allow
businesses to conduct secure and auditable B2B e-commerce transactions over the Internet by leveraging High
Assurance (TCSEC A1, ITSEC E6 and future Common Criteria) computing platforms at key junctures of the e-commerce
infrastructure and to integrate high value exchanges with IT consumers' existing Internet technology investments,
as well as to provide a verifiable basis for insurance.
The members of the user group will work cooperatively to forward their business and IT requirements for
commercial-off-the-shelf solution alternatives that are insurable and economical in B2B activity. They intend
to validate solutions in a proof-of-concept process based upon the BFG Framework. Overall, they expect to
influence the creation of better vendor solutions and present developments to national and international IT
open standards bodies for review, as well as publish general non-proprietary results for industry comment and
use. One focus for the group will be to understand and identify the requirements for the integration of transaction
security and workflow in a manner that helps users reduce costs and speed B2B interactions on a non-proprietary
basis.
Companies including AEGON USA Companies, Computer Technology Associates, Inc., MiCTA Service Corporation,
Union Pacific Railroad, Imperito Networks Inc., Information Risk Group, Inc., a Pinkerton Company, and RSA
Security, as well as other Black Forest Group members from credit insurance, automotive manufacture, and
financial sectors, have expressed tangible interest in the user group to move the BFG framework to the next
phase of broad industry adoption and deployment.
"Legally verifiable 'auditability' and risk managed liability allocation represent huge barriers to any
value-laden Internet B2B e-commerce exchange, today," said Rich Lee, the BFG Security Chair. "After meeting
our initial objective as sponsors of the BFG Framework two weeks ago, the BFG is pleased with the efforts of
InfoCore to facilitate the creation of this special initiatives group that can take our framework to the next
level. This group will be instrumental in forwarding the BFG Framework to the industry at large so corporations
can obtain insurable B2B e-commerce on the Internet."
The BFG E-Commerce Framework
The Framework put forward by the BFG in April of 2000 identified public key infrastructure (PKI) with the measurable
quality attribute (BFG Quality Attribute) in X.509 digital certificates as a means of leveraging standards to
achieve confidence in the security foundations of e-commerce. The Framework lets companies manage their B2B
e-commerce risks in an economical, scalable manner. In addition to its security metric, the BFG Framework reflects
the fundamental needs and requirements of IT consumer organizations for automaticity, transparency, scalability
and manageability across both current and future platforms. To date the BFG has met its initial objective to gain
at least one commercially available product that uses the BFG Quality Attribute.
For More Information
Within 30 days, information about the user group will be available on the Black Forest Group and InfoCore Web
sites, found at www.blackforestgroup.org and
www.info-core.com, respectively. This information will include:
- Membership form
- User group agenda and logistics
- User group frequently asked questions (FAQ) document
For more immediate information about the user group, contact Carl Allen, president of InfoCore, Inc. at
info@info-core.com.
Back