Enable XML Security (3)

Source: Internet
Author: User

(The listing below resumes partway through line 7; lines 1 through 6 are not included on this page.)

 7              xmlns="http://www.w3.org/2001/04/xmlenc#"/>
 8          </Transform>
 9          <Transform Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/>
10        </Transforms>
11        ...
12      </Reference>
13    </SignedInfo>
14    <SignatureValue>...</SignatureValue>
15    <Object>
16      <order Id="order">
17        <item>
18          <title>XML and Java</title>
19          <price>100.0</price>
20          <quantity>1</quantity>
21        </item>
22        <EncryptedData Id="ENC2" xmlns="http://www.w3.org/2001/04/xmlenc#">...</EncryptedData>
23        <EncryptedData Id="ENC1" xmlns="http://www.w3.org/2001/04/xmlenc#">...</EncryptedData>
24      </order>
25    </Object>
26  </Signature>

The Signature element (lines 1 through 26) now contains the earlier order element (lines 16 through 24), and the card information that was previously in plain text now appears as encrypted data (line 22). The Reference carries two transforms: decryption (lines 6 through 8) and canonicalization (line 9). The decryption transform instructs the signature validator to decrypt all encrypted data except the data referenced by the DataRef element on line 7. Once the EncryptedData element on line 22 has been decrypted, the order element is canonicalized and the signature can be validated correctly. The exception matters because the validator must reproduce exactly the octets the signer digested: decrypting data that was already encrypted at signing time would change the digest just as surely as leaving the later-encrypted card information in place.
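The validator-side processing just described, written out as an added example that is not part of the original article: decrypt every EncryptedData below the referenced order except the Ids named in DataRef, canonicalize, then compare digests with what the signer computed. The element names and Ids come from the listing; the card data, the ENC1 plaintext and the base64 "cipher" are constructed stand-ins, since Python's xml.etree has no XML Encryption support.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
ET.register_namespace("xenc", XENC)  # fixed prefix so re-serialisation is deterministic

def encrypted_data(id_, plaintext):
    # Constructed stand-in for XML Encryption: the "ciphertext" is only base64 of the
    # plaintext so the example runs offline; real documents carry real cipher output.
    b64 = base64.b64encode(plaintext.encode()).decode()
    return (f'<EncryptedData Id="{id_}" xmlns="{XENC}"><CipherData>'
            f'<CipherValue>{b64}</CipherValue></CipherData></EncryptedData>')

ITEM = "<item><title>XML and Java</title><price>100.0</price><quantity>1</quantity></item>"
CARDINFO = "<cardinfo><number>4111-1111-1111-1111</number></cardinfo>"  # constructed
ENC1 = encrypted_data("ENC1", "<note>already encrypted at signing time</note>")  # constructed
# What the signer digested: card data still in the clear, ENC1 already encrypted.
ORDER_AT_SIGNING = f'<order Id="order">{ITEM}{CARDINFO}{ENC1}</order>'
# What the verifier receives: the card data was encrypted into ENC2 after signing.
ORDER_AS_RECEIVED = f'<order Id="order">{ITEM}{encrypted_data("ENC2", CARDINFO)}{ENC1}</order>'

def decrypt_stand_in(enc_el):
    """Inverse of encrypted_data(): return the plaintext parsed as an element."""
    value = enc_el.find(f"{{{XENC}}}CipherData/{{{XENC}}}CipherValue").text
    return ET.fromstring(base64.b64decode(value).decode())

def decryption_transform(root, except_ids):
    """Replace every EncryptedData below root by its plaintext, except the Ids the
    signer listed in DataRef (those were already encrypted when the digest was made)."""
    for parent in list(root.iter()):  # snapshot: children are replaced while walking
        for i, child in enumerate(list(parent)):
            if child.tag == f"{{{XENC}}}EncryptedData" and child.get("Id") not in except_ids:
                plain = decrypt_stand_in(child)
                plain.tail = child.tail  # keep surrounding whitespace unchanged
                parent[i] = plain
    return root

def c14n_sha256(root):
    # Python's canonicalize() is C14N 2.0, not the 2000 draft named on line 9; same role.
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def signer_digest():  # computed before the card data was encrypted
    return c14n_sha256(ET.fromstring(ORDER_AT_SIGNING))

def verifier_digest(except_ids):  # decryption transform, then canonicalize, then digest
    return c14n_sha256(decryption_transform(ET.fromstring(ORDER_AS_RECEIVED), except_ids))

def verifies(except_ids):
    return verifier_digest(except_ids) == signer_digest()
```

Only the validator that honours the DataRef exception (`verifies({"ENC1"})`) reproduces the signer's digest; decrypting everything, or nothing, both fail.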

Other relevant languages and specifications
Hiding sensitive information in an XML document, establishing its integrity, and authenticating different parts of the document are handled mainly by following the XML Encryption and XML Signature specifications (see Resources), as the drafts referenced there describe. There are also closely related areas, such as authenticating users or systems, determining authorization levels, and managing keys, all of which belong to XML security in the broader sense.

SAML is an OASIS-driven model that attempts to merge the competing AuthML and S2ML specifications to facilitate the interchange of authentication and authorization information. The eXtensible Access Control Markup Language is closely related to SAML, but it is more focused on the subject-privilege-object oriented security model in the context of a particular XML document; OASIS refers to it as both XACML and XACL (even within the same document). By writing rules in XACL, policy makers can define which access privileges apply to specific XML documents and related events in the situations described earlier.

The W3C is now considering XKMS, which intends to establish a key management protocol on top of the XML Signature standard. Together with SAML, XACL, and other initiatives, XKMS is an important element in the larger security framework that applies to XML documents. It is expected to greatly simplify the management of authentication and signature keys; it does this by separating digital certificate processing, revocation status checking, and certification path location and validation from the application concerned, for example by delegating key management to Internet Web services.

XML security still has a long way to go before it reaches the convenience, reliability, and robustness needed for everyday use, but good progress is being made.

Resources

The developerWorks tutorial "Digital signatures for SOAP messages" by Jayanthi Suryanarayana explains how to digitally sign and encrypt SOAP messages for security.
Doug Tidwell's "The XML Security Suite: Increasing the security of e-commerce" covers the basics of Web security, describes the components of the XML Security Suite, and gives examples of how its technology can increase the security of Web commerce.
The OASIS site includes the XML Cover Pages entry "XML and Encryption", Robin Cover's actively maintained directory of these activities and related publications. The site also hosts the draft Security Assertion Markup Language (SAML) documents.
The XML Encryption Requirements working draft lists the design principles, scope, and requirements for XML encryption. It includes requirements related to encryption syntax, data model, format, cryptographic processing, and external requirements and coordination.
XML Encryption Syntax and Processing details the process for encrypting data and representing the result in XML. The data can be arbitrary data (including an XML document), an XML element, or XML element content.
XML-Signature Requirements lists the design principles, scope, and requirements for the XML digital signature specification. It includes requirements related to signature syntax, data model, format, cryptographic processing, and external requirements and coordination.
XML-Signature Syntax and Processing details the rules and syntax for XML digital signature processing. XML signatures provide integrity, message authentication, and/or signer authentication services for any type of data, whether it is located within the signed XML or elsewhere.
Decryption Transform for XML Signature defines a "decryption transform" that enables XML signature validation even when both signature and encryption operations have been performed on an XML document.
The XML Key Management Specification details protocols for distributing and registering public keys, suitable for use with the proposed XML Signature standard [XML-SIG] developed by the W3C and the Internet Engineering Task Force (IETF) and with its expected companion standard for XML Encryption.
Find the latest security-related news and products on the IBM security site.
See the overview of the security model of IBM WebSphere 3.x servers.
