VeriSign CEO Calls for Open Authentication

By Matthew Hicks  |  Posted 2004-02-25 Print this article Print

In his RSA Conference keynote, VeriSign's Stratton Sclavos on Wednesday said that the drag of security threats on new technology requires an industry shift away from proprietary authentication, while touting the company's OATH initiative and Microsoft par

SAN FRANCISCO—With security threats slowing the adoption of promising new technologies, the time has come for the security industry to move away from proprietary technologies and embrace open and interoperable standards for authentication, said VeriSign Inc. Chairman and CEO Stratton Sclavos. Speaking here at the RSA Conference 2004 on late Wednesday, Sclavos used his keynote presentation to tout a VeriSign-led initiative called the Open Authentication Reference Architecture, or OATH, as a path toward standards-based authentication. VeriSign launched OATH at the RSA show on Monday. "It is time to rethink authentication," Sclavos said. "A fundamental shift needs to be made from proprietary systems to open solutions."
Propelling the shift is the drag that security threats has on the adoption of new technologies. WiFi, Web services, voice over IP and radio frequency identification are among the technologies being slowed because of security concerns, he said.
Along with more interoperability, the IT security industry needs to offer enterprises better visibility and intelligence about potential security threats and remove the complexity for end users, Sclavos said. "If given a choice, our end users will always choose ease of use over better security," he said. "So we better make it easy." With OATH, Sclavos explained, VeriSign has offered a reference architecture for authentication using a universal key recognized among applications, on multiple devices and across internal and external networks. As part of that strategy, VeriSign earlier in the day announced a partnership with Microsoft Corp. for tying VeriSigns authentication services into Windows Server 2003 by this summer. Sclavos said that the combined offering will be OATH-compliant. Sclavos demonstrated the VeriSign-Microsoft offering, showing both how a network administrator can provision user credentials using Active Directory and Microsofts Management Console and how an end user could be authenticated while in the office and on the road using an OATH-complaint hardware token. The USB token demonstrated was Aladdin Knowledge Systems Inc.s eToken NG with One-Time Password, which will be part of VeriSigns April beta of the authentication service. The token combines a PKI store with one-time password functionality. The OATH initiative will be developing new standards over the next six months as well as adding new partners, from application and infrastructure vendors to hardware makers, Sclavos said. "It gives the ability to strongly authenticate every user, on every device they have and on every network they transverse," Sclavos said of OATH. "We need the ability to make the network secure by only letting good people, good content and good devices on board." Check out eWEEK.coms Security Center at for security news, views and analysis.
Matthew Hicks As an online reporter for, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel