4.2.6 Money makes the world go round

Even when new Web protocols are standardized and software is available, there will be lag time before security-enhanced client software is installed on millions of desktops. Not all companies are waiting for these developments. Some are devising ways to provide a measure of security today. One such firm is Open Market, which is building on technology devised at the Massachusetts Institute of Technology.

Open Market provides a StoreBuilder toolkit for firms that want to conduct business on the Internet. Its scheme works with existing Web clients and uses a payment URL (Uniform Resource Locator) that encodes price and other data in the information sent to the client program.

When a consumer selects an item, the URL is sent to a payment server, which authenticates the user and processes the payment. The payment server then redirects the client program to use an access URL. The model supports ordering of information goods such as delivery of magazine or database excerpts on demand as well as traditional hard goods. Open Market's partners include the Lexis/Nexis service and Digital Equipment Corp.

New security technologies and alliances are being announced at a breathtaking pace. For example, Microsoft has announced an alliance with Visa International. Microsoft recently announced its own online information service (called Marvel) and purchased Intuit, the leading maker of PC personal finance software.

Other new ventures such as First Virtual aim to provide transaction services without a need for security-enhanced software (see Section 4.1). Purchases are authenticated off-line via a relatively simple e-mail confirmation instead of more complex schemes.

During 1995, we probably will see many more alliances out to provide secure Internet transaction technologies. A shakeout also is likely as the market settles on technologies and players within and outside the Internet context.

Advocates of commerce on the Internet maintain that the more complicated schemes are essential for the Net to replace conventional means of conducting business. To prevent a Tower of Babel of complex new schemes, the newly formed W3 Organization is trying to foster cooperation among technology vendors. Tim Berners-Lee, the chief architect of the World-Wide Web, has convened meetings of major players on behalf of the consortium.

Berners-Lee is optimistic that there will be some convergence. He also points out that HTTP was designed under the assumption that multiple schemes would coexist. According to Berners-Lee, the top layer of Secure HTTP transactions will negotiate the level of security and the exact scheme to be used. This will allow users and vendors to take advantage of future encryption schemes that have not yet been invented.