
XML Signatures: Behind the Curtain


In this article, Larry considers the security risks that exist with the current XML authentication standards.

Author Info:
By: Larry Loeb
March 07, 2003
TABLE OF CONTENTS:
  1. XML Signatures: Behind the Curtain
  2. Introduction
  3. The Overview
  4. What They Don't Tell You in the Specification
  5. The Geek Part
  6. Signature Elements
  7. An Example to Mull Over
  8. A Pithy Summary
  9. The Resources


XML Signatures: Behind the Curtain - The Overview
(Page 3 of 9)

XML signatures have been designed (according to the RFC) with the multiple goals of providing "integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere." (I've bolded that last phrase because it is central to what this candidate implies for how the 'Net would work if it is adopted and implemented. More on this later.) These are fairly ambitious goals to be sure, and fairly extensive if considered in context. The ultimate goal of these signatures and their associated processes is to provide the default, basic server-based security services for the Web through the use of XML.

However, the authors do have some sense of proportion about their work. The candidate contains this passage: "The XML Signature ... does not normatively specify how keys are associated with persons or institutions, nor the meaning of the data being referenced and signed. Consequently, while this specification is an important component of secure XML applications, it is, by itself, not sufficient to address all application security/trust concerns, particularly with respect to using signed XML (or other data formats) as a basis of human-to-human communication and agreement. Such an application must specify additional key, algorithm, processing and rendering requirements." In short, the authors caution against treating this work as a technical panacea; it must be used together with other security measures. This is wise, but it raises the question of what's behind the XML curtain.

