XML Security Suite: Increasing the Security of E-Business

By Doug Tidwell
2005-05-18


XML Signatures

The W3C and the IETF are currently working together on a proposal for XML-based digital signatures. The proposal defines a <signature> element that contains all the information needed to process a digital signature. Each digital signature refers to one of three things:
  • An XML element contained inside the <signature> element
  • An external XML document, referenced by a URI
  • An external non-XML resource, referenced by a URI

Examples in this article show you how to create each of these resources. See the latest draft of the XML Signature proposal (see Resources) if you'd like to read all the gory details.

Color-coding our colorful coding
This article features colorized code listings, something we're experimenting with here at dW. To generate our color-coded listings, I'm using a couple of open-source tools. First, I load the document (Java, HTML, XML, whatever) into Emacs. Emacs defines colors for keywords, comments, function names, and other programming language constructs -- about a dozen in all. After Emacs has loaded and colored a file, I use the HTMLize package, an open-source utility written in the ever-popular Emacs Lisp language. HTMLize takes a listing exactly as it appears in Emacs, then converts it to HTML. The result is a fully color-coded file that highlights keywords, comments, function names, and so on.

Let us know what you think about these new and improved code listings.

If you'd like to do this kind of thing yourself, see Resources for the appropriate links.

To illustrate how XML Signatures work, I generated a signature file called signature.xml for the Shakespearean sonnet used for so many of my XML examples. (View it in HTML; you can also download this file.)

In the signature file, the signed element is the sonnet, contained inside the <dsig:Object> element. The actual signature is contained in the <SignatureValue> element, with the signer of the document indicated in the <X509Data> element.
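The structure described above can be inspected before any cryptographic check, to see what a signature file claims to cover. This is an added example, not code from the article or from the XML Security Suite; the sample document, the `describe_signature` helper and the use of the final W3C namespace URI are assumptions.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

DSIG = "http://www.w3.org/2000/09/xmldsig#"  # assumption: namespace of the final Recommendation
NS = {"dsig": DSIG}

# Constructed sample; digest, signature and signer values are placeholders.
SAMPLE = """<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <dsig:SignedInfo>
    <dsig:Reference URI="#sonnet"><dsig:DigestValue>PLACEHOLDER</dsig:DigestValue></dsig:Reference>
    <dsig:Reference URI="http://example.com/sonnet.xml"><dsig:DigestValue>PLACEHOLDER</dsig:DigestValue></dsig:Reference>
  </dsig:SignedInfo>
  <dsig:SignatureValue>PLACEHOLDER</dsig:SignatureValue>
  <dsig:KeyInfo><dsig:X509Data>
    <dsig:X509SubjectName>CN=Example Signer</dsig:X509SubjectName>
  </dsig:X509Data></dsig:KeyInfo>
  <dsig:Object Id="sonnet"><sonnet type="Shakespearean"><title>Sonnet 130</title></sonnet></dsig:Object>
</dsig:Signature>"""


def describe_signature(xml_text):
    """Report what a signature document claims to cover, without verifying it."""
    sig = ET.fromstring(xml_text)
    if sig.tag != f"{{{DSIG}}}Signature":
        raise ValueError("root element is not a dsig Signature")
    # Only elements inside the Signature count as internal targets.
    by_id = {el.get("Id"): el for el in sig.iter() if el.get("Id")}
    refs = []
    for ref in sig.findall("dsig:SignedInfo/dsig:Reference", NS):
        uri = ref.get("URI")
        if not uri:
            # Empty URI means the enclosing document; an omitted one is application-defined.
            refs.append({"uri": uri, "kind": "unnamed", "signed": None})
        elif not uri.startswith("#"):
            # External resource: XML or non-XML is only known once it is fetched.
            refs.append({"uri": uri, "kind": "external", "signed": None})
        elif uri[1:] in by_id:
            signed = [child.tag for child in by_id[uri[1:]]]
            refs.append({"uri": uri, "kind": "internal", "signed": signed})
        else:
            # Points at an Id that does not exist: nothing would be covered.
            refs.append({"uri": uri, "kind": "dangling", "signed": None})
    value = sig.findtext("dsig:SignatureValue", default="", namespaces=NS)
    signer = sig.findtext("dsig:KeyInfo/dsig:X509Data/dsig:X509SubjectName", namespaces=NS)
    return {"references": refs, "has_signature_value": bool(value.strip()), "signer": signer}


if __name__ == "__main__":
    for entry in describe_signature(SAMPLE)["references"]:
        print(entry)
```

The report is structural only: no digest or signature is verified, and the X509Data content remains a claim until the certificate itself is validated.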



Tutorial Pages:
» A brief overview of Web security
» Creating a secure session
» The XML Security Suite
» XML Signatures
» About the sample programs
» Creating a certificate
» Signing an internal XML resource
» Signing an external XML resource
» Signing a non-XML resource
» Verifying a digital signature
» The joys of nonrepudiability
» Canonical XML
» Element-level encryption
» Other utilities
» Summary
» Resources


First published by IBM DeveloperWorks

