Isode will work with several leading companies to create a common XML security policy information file (SPIF) format.

With the help of Cadmidium, Clearswift, CommPower, eB2Bcom, JSC, Nexor and SMHS, Isode hopes to encourage vendors to use a new system of security labels to exchange information.

The use of a single SPIF allows security labels to be displayed and handled consistently, and makes the management of security policy easier.

There are currently two standardised SPIF formats: SDN.801c, which was created by the US National Security Agency in 1999, and X.841, an ITU-T format designed in 2000.

Both are encoded in ASN.1 (a standardised binary format) and can only be managed using special-purpose tools. Most vendors use one of the standard formats, or have invented their own system.

Eight organisations have now come together to develop an openly available XML schema that allows a generic security policy, but also has the functionality of the X.841 and SDN.801c systems.

Isode CEO Steve Kille said: “We adopted SMHS’s XML schema for use in our products’ security policy infrastructure as one of the SPIF formats supported by the Isode product set.

“The extensible nature of XML enabled us to extend the schema to include colour support for security classifications, and allows other organisations to contribute extensions that can be easily removed by systems that do not support them.

“We’re delighted to be working with these organisations to build a common SPIF format and hope to see others join the development and maintenance work.”

Version 1.0 of the new SPIF format is available from the Schema page at This site also links to sample SPIFs representing a range of policies, including US GENSER, Australian AGIMO and UK JSP 457. Isode expects supporters of the format to contribute other samples.

Companies that would like to join the scheme as equal partners should contact Will Sheward at Isode.