Getting Started with XML Security
Conclusion
The XML Security standards define XML languages and processing rules for meeting common security requirements. For the most part, these standards build on the other XML Security standards, especially the core XML Digital Signature and XML Encryption standards. Another example is the sharing of policy statements between SAML and XACML. This set of interlocking standards has emerged quickly and, since it rests on a foundation of accepted practices and technologies, should mature quickly. This article has presented a brief introduction to the set of standards and to how they work together.
XML Security standards will be essential to moving business online as XML technologies are adopted for Web Services, Digital Rights Management and other emerging applications. An understanding of how XML may meet authentication, authorization, confidentiality, integrity, signature and privacy requirements will be essential. This article has provided an introduction to these topics.
Acknowledgements
The author would like to thank Ed Frankenberry, Lorraine Hirsch and Dan Lanz for reviewing this document. All errors remain the author's.