XML Security
Introduction
There are generally two primary requirements for sending XML data securely over the Internet: encryption, to keep confidential information private, and digital signatures, to provide authenticity, integrity and non-repudiation.
- encryption: the W3C XML Encryption standard specifies how to use XML (syntax and processing) to represent digitally encrypted Web resources (including XML itself) with arbitrary encryption algorithms.
- digital signatures: a joint effort between the W3C and the IETF has led to the current working standards for XML Digital Signature using PKI. A key requirement is to allow XML document senders to sign just parts of an XML document while allowing other users to legitimately alter other parts of the document (e.g., a form that the user needs to fill in with data).
XML Security Tutorials and Articles
XML Security Page
Building Secure Web Services with Microsoft SOAP Toolkit 2.0
XML Cover Page on XML Encryption
A VeriSign White Paper: XML Trust Services (Overview)
A VeriSign White Paper: XML Key Management
An Entrust White Paper: Web Services Trust & XML Security Standards
Entrust's XML Strategy for Authorization
Towards Secure XML
Signing On Digitally With The New XKMS Specification
XML and how to secure it
Signed XML: Experiences from the Creation of XFDL
Security Implications of Web Services
XML Security Toolkit
IBM XML Security Suite
Entrust/Toolkit™ for Java™
XML Security Specifications
XML-Signature Syntax and Processing
SOAP Security Extensions: Digital Signature
W3C XML Key Management Specification (XKMS)
W3C XML Encryption Requirements
W3C XML Encryption Syntax and Processing
W3C Decryption Transform for XML Signature
OASIS Security Assertion Markup Language (SAML)