Home arrow Security arrow Page 10 - Safeguarding the Identity and Integrity of XML Messages


XML Signature and XML Encryption, two of the three major pillars of the WS-Security standard, are so predominant in current thinking about Web Services Security that some people mistake them as the only strategy for securing Web services. This is really not the case at all. Read more in this chapter from Securing Web Services with WS-Security, by Rosenberg and Remy (ISBN 0672326515, SAMS, 2004).

  1. Safeguarding the Identity and Integrity of XML Messages
  2. XML Signature Fundamentals
  3. XML Signature Structure
  4. Types of XML Signatures
  5. The Signature Element Schema
  6. XML Signature Processing
  7. XML Signature Validation
  8. The XML Signature Elements
  9. Canonicalization Actions from Canonical XML Version 1.0
  10. The SignatureMethod Element
  11. The Reference Element
  12. The Transform Element
  13. XPath Filtering Transform
  14. Enveloped Signature Transform
  15. XPath Filter 2.0 Transform
  16. The DigestMethod Element
  17. The Object Element
  18. The Manifest Element
  19. The KeyInfo Element
  20. Security Strategies for XML Signature
  21. Summary
By: Sams Publishing
Rating: starstarstarstarstar / 7
September 09, 2004

print this article




SignatureMethod names the algorithm that will be used for signing and verifying signatures. Two signature algorithms are required: DSAwithSHA1, which is an implementation of the Digital Signature Algorithm (DSA), and HMAC-SHA1. DSAwithSHA1 is a public key strategy (sign with a private key, decrypt with a public key), and HMAC-SHA1 is a shared key hashed message authentication code strategy. This is a little unusual. Digital signatures are typically meant to validate integrity (that the document has not changed) and identity (that a particular individual, device, or process signed the document). Validation of identity is associated with public key cryptography (for example, DSA or RSA), not shared key cryptography. A shared key approach is typically not associated with digital signatures; however, the XML working group wanted to allow for a situation in which the primary purpose for the signature was integrity, and HMAC-SHA1 is an excellent (and fast) way to accomplish this goal.

In addition to the DSA algorithm, RSAwithSHA1 is recommended (but not required). Remember that the DSA algorithm and, consequently, DSA keys can be used only for digital signatures. The RSA public key algorithms can be used for both digital signatures and encryption and are more commonly used than DSA. Most, if not all, XML Signature implementations support RSAwithSHA1.

The following is an example of a SignatureMethod element:

<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />

SamsThis chapter is from Securing Web Services Security with WS-Security, by Jothy Rosenberg and David Remy (Sams, 2004, ISBN: 0672326515). Check it out at your favorite bookstore today.

Buy this book now.

>>> More Security Articles          >>> More By Sams Publishing

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II

Developer Shed Affiliates


Dev Shed Tutorial Topics: