Security
  Home arrow Security arrow Page 2 - Safeguarding the Identity and Integrit...
Dev Shed Forums 
Administration  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Download TestComplete 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
SECURITY

Safeguarding the Identity and Integrity of XML Messages
By: Sams Publishing
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 4 stars4 stars4 stars4 stars4 stars / 6
    2004-09-09

    Table of Contents:
  • Safeguarding the Identity and Integrity of XML Messages
  • XML Signature Fundamentals
  • XML Signature Structure
  • Types of XML Signatures
  • The Signature Element Schema
  • XML Signature Processing
  • XML Signature Validation
  • The XML Signature Elements
  • Canonicalization Actions from Canonical XML Version 1.0
  • The SignatureMethod Element
  • The Reference Element
  • The Transform Element
  • XPath Filtering Transform
  • Enveloped Signature Transform
  • XPath Filter 2.0 Transform
  • The DigestMethod Element
  • The Object Element
  • The Manifest Element
  • The KeyInfo Element
  • Security Strategies for XML Signature
  • Summary
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
     
    ADVERTISEMENT

    Route your faxes to your email inbox. Private, secure fax numbers available from CallWave. Choose your fax number.

    Safeguarding the Identity and Integrity of XML Messages - XML Signature Fundamentals
    (Page 2 of 21 )

    XML Signature combines the utility and power of digital signature technology with the power and flexibility of XML. An XML Signature is itself a piece of XML, and there is a corresponding XML Schema for how this XML will be structured. Within the XML Signature itself are references—URIs—to what is being digitally signed. These references are quite flexible as they can point to items within the same document or be external. Also, a single XML document can contain multiple XML Signatures. This flexibility and power make XML Signature technology somewhat complex when you consider the details. However, the basic concepts are not very difficult to understand, and the structure for an XML Signature, which is always rooted at the Signature element, provides a nice guide for understanding how XML Signatures work.

    XML Signature Requirements - Understanding the formal requirements that were provided/gathered by the W3C Working Group can help you understand why certain parts of the standards turned out the way they did. The following are some of the key requirements that stand out (you can see the full requirements at http://www.w3.org/TR/xmldsig-requirements):

    • XML Signatures apply to any resource addressable by a "locator" (uniform resource identifier), including non-XML content.

    • XML Signatures must be able to apply to a part or the whole XML document.

    • Multiple XML Signatures must be able to exist over the static content of a Web resource.

    • The specification must permit the use of varied digital signature and message authentication codes, such as symmetric and asymmetric authentication schemes as well as dynamic agreement of keying material.

    Other specified requirements affect the resulting standards as well, but considering these four demonstrates that XML Signatures are not just a simple application of digital signature technology on a piece of XML text. They are much more.

    SamsThis chapter is from Securing Web Services Security with WS-Security, by Jothy Rosenberg and David Remy (Sams, 2004, ISBN: 0672326515). Check it out at your favorite bookstore today.

    Buy this book now.

    Next: XML Signature Structure >>
     

    More Security Articles
    More By Sams Publishing


     
    >>> Be the FIRST to comment on this article!

       

    SECURITY ARTICLES

    - An Epilogue to Cryptography
    - A Sequel to Cryptography
    - An Introduction to Cryptography
    - Security Overview
    - Network Security Assessment
    - Firewalls
    - What’s behind the curtain? Part II
    - What’s behind the curtain? Part I
    - Vectors
    - PKI: Looking at the Risks
    - A Quick Look at Cross Site Scripting
    - PKI Architectures: How to Choose One
    - Trust, Access Control, and Rights for Web Se...
    - Basic Concepts of Web Services Security
    - Safeguarding the Identity and Integrity of X...
    Find More Security Articles
     
    Accelerating Trading Partner Performance
     
    Competing on Analytics
     
    Cost Effective Scaling with Virtualization and Coyote Point Systems
     
    Five Checkpoints to Implementing IP Telephony
     
    Hosted Email Security: Staying Ahead of New Threats
     




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway