Security
  Home arrow Security arrow Page 2 - Safeguarding the Identity and Integrity of XML Messages
Dev Shed Forums  
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Smartphone Development  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Mobile Linux  
App Generation ROI  
IBM® developerWorks  
Forums Sitemap  
E-Commerce Hosting  
Linux Web Hosting  
Managed Hosting  
Small Business Hosting  
VPS Hosting  
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid  
Request Media Kit
Contact Us  
Site Map  
Privacy Policy  
Support  
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
Google.com  
SECURITY

Safeguarding the Identity and Integrity of XML Messages
By: Sams Publishing
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: starstarstarstarstar / 7
    2004-09-09


    Table of Contents:
  • Safeguarding the Identity and Integrity of XML Messages
  • XML Signature Fundamentals
  • XML Signature Structure
  • Types of XML Signatures
  • The Signature Element Schema
  • XML Signature Processing
  • XML Signature Validation
  • The XML Signature Elements
  • Canonicalization Actions from Canonical XML Version 1.0
  • The SignatureMethod Element
  • The Reference Element
  • The Transform Element
  • XPath Filtering Transform
  • Enveloped Signature Transform
  • XPath Filter 2.0 Transform
  • The DigestMethod Element
  • The Object Element
  • The Manifest Element
  • The KeyInfo Element
  • Security Strategies for XML Signature
  • Summary
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      error-file:tidyout.log Del.ici.ous error-file:tidyout.log Digg
      error-file:tidyout.log Blink error-file:tidyout.log Simpy
      error-file:tidyout.log Google error-file:tidyout.log Spurl
      error-file:tidyout.log Y! MyWeb error-file:tidyout.log Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article

    		 
     
    ADVERTISEMENT

    Safeguarding the Identity and Integrity of XML Messages - XML Signature Fundamentals
    ( Page 2 of 21 )

    XML Signature combines the utility and power of digital signature technology with the power and flexibility of XML. An XML Signature is itself a piece of XML, and there is a corresponding XML Schema for how this XML will be structured. Within the XML Signature itself are references—URIs—to what is being digitally signed. These references are quite flexible as they can point to items within the same document or be external. Also, a single XML document can contain multiple XML Signatures. This flexibility and power make XML Signature technology somewhat complex when you consider the details. However, the basic concepts are not very difficult to understand, and the structure for an XML Signature, which is always rooted at the Signature element, provides a nice guide for understanding how XML Signatures work.

    XML Signature Requirements - Understanding the formal requirements that were provided/gathered by the W3C Working Group can help you understand why certain parts of the standards turned out the way they did. The following are some of the key requirements that stand out (you can see the full requirements at http://www.w3.org/TR/xmldsig-requirements):

    • XML Signatures apply to any resource addressable by a "locator" (uniform resource identifier), including non-XML content.

    • XML Signatures must be able to apply to a part or the whole XML document.

    • Multiple XML Signatures must be able to exist over the static content of a Web resource.

    • The specification must permit the use of varied digital signature and message authentication codes, such as symmetric and asymmetric authentication schemes as well as dynamic agreement of keying material.

    Other specified requirements affect the resulting standards as well, but considering these four demonstrates that XML Signatures are not just a simple application of digital signature technology on a piece of XML text. They are much more.

    SamsThis chapter is from Securing Web Services Security with WS-Security, by Jothy Rosenberg and David Remy (Sams, 2004, ISBN: 0672326515). Check it out at your favorite bookstore today.

    Buy this book now.




    Discuss Safeguarding the Identity and Integrity of XML Messages
     
    I do not have time to register all over the web, but because I found this article...
    >>> Post your comment now!
     


     
     
    >>> More Security Articles          >>> More By Sams Publishing
     

       

    SECURITY ARTICLES

    - Critical Microsoft Visual Studio Security Pa...
    - US Faces Tech Security Expert Deficit
    - LAN Reconnaissance
    - An Epilogue to Cryptography
    - A Sequel to Cryptography
    - An Introduction to Cryptography
    - Security Overview
    - Network Security Assessment
    - Firewalls
    - What’s behind the curtain? Part II
    - What’s behind the curtain? Part I
    - Vectors
    - PKI: Looking at the Risks
    - A Quick Look at Cross Site Scripting
    - PKI Architectures: How to Choose One
    Find More Security Articles




    © 2003-2009 by Developer Shed. All rights reserved. DS Cluster 5 Hosted by Hostway
    For more Enterprise Application Development news, visit eWeek