XML Security Suite: Increasing the Security of E-Business
By Doug Tidwell2005-05-18
A brief overview of Web security
|
|
As more and more companies use XML to transmit structured data across the Web, the security of documents becomes increasingly important. The World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) are currently defining an XML vocabulary for digital signatures. The Tokyo Research Lab has created the XML Security Suite, a prototype implementation of the XML signature specification. The XML Security Suite, available from IBM's alphaWorks, contains utilities to automatically generate XML digital signatures.
When sending secure data across the Web, you need four things:
- Confidentiality -- No one else can access or copy the data.
- Integrity -- The data isn't altered as it goes from the sender to the receiver.
- Authentication -- The document actually came from the purported sender.
- Nonrepudiability -- The sender of the data cannot deny that they sent it, and they cannot deny the contents of the data.
SSL provides the first three functions; the XML Security Suite provides the fourth.
Tutorial Pages:
» A brief overview of Web security
» Creating a secure session
» The XML Security Suite
» XML Signatures
» About the sample programs
» Creating a certificate
» Signing an internal XML resource
» Signing an external XML resource
» Signing a non-XML resource
» Verifying a digital signature
» The joys of nonrepudiability
» Canonical XML
» Element-level encryption
» Other utilities
» Summary
» Resources
First published by IBM DeveloperWorks
|
