Home arrow XML arrow Page 9 - XML Signatures: Behind the Curtain

XML Signatures: Behind the Curtain

In this article, Larry considers the security risks that exists with the current XML authentication standards.

Author Info:
By: Larry Loeb
Rating: 3 stars3 stars3 stars3 stars3 stars / 8
March 07, 2003
  1. · XML Signatures: Behind the Curtain
  2. · Introduction
  3. · The Overview
  4. · What They Don't Tell You in the Specification
  5. · The Geek Part
  6. · Signature Elements
  7. · An Example to Mull Over
  8. · A Pithy Summary
  9. · The Resources

print this article

XML Signatures: Behind the Curtain - The Resources
(Page 9 of 9 )

  • Read the W3C Recommendation, "XML Schema Part 1: Structures" (D. Beech, M. Maloney, N. Mendelsohn, H. Thompson. May 2001.), which specifies how the XML Schema definition language offers facilities for describing the structure and constraining the contents of XML 1.0 documents.
  • "XML Schema Part 2: Datatypes" (P. Biron, A. Malhotra. May 2001.) is the second part of the specification of the XML Schema language. It defines facilities for defining datatypes to be used in XML schemas as well as other XML specifications.
  • RFC 2807 lists the design principles, scope, and requirements for the XML Digital Signature specification. It includes requirements as they relate to the signature syntax, data model, format, cryptographic processing, and external requirements and coordination.
  • The W3C Working Draft "XML-Signature Requirements" (J. Reagle. April 2000.) lists the design principles, scope, and requirements for the XML Digital Signature specification.
  • Public comments on the standard should be sent to w3c-ietf-xmldsig@w3.org , the appropriate mailing list.
  • For an introduction to XML encryption and XML signature, take a look at Enabling XML security by Murdoch Mactaggart, here on developerWorks.
  • For the basics on Public Key Infrastructure, read Joe Rudich's developerWorks article PKI: A primer
  • Of course, you can find a wide range of security articles in the developerWorks Security topic , and our XML zone is always an excellent resource for developers working with the language.
  • The XML Security Suite , available on alphaWorks, provides security features such as digital signature, encryption, and access control for XML documents.
  • IBM security services can help you determine what your risks are, and then design a security program to address them.
  • RFC 3075, XML-Signature Syntax and Processing is the IETF's specification for the candidate.

    First published by IBM developerWorks at http://www.ibm.com/developerWorks/

  • DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    blog comments powered by Disqus

    - Open XML Finally Supported by MS Office
    - XML Features Added to Two Systems
    - Using Regions with XSL Formatting Objects
    - Using XSL Formatting Objects
    - More Schematron Features
    - Schematron Patterns and Validation
    - Using Schematron
    - Datatypes and More in RELAX NG
    - Providing Options in RELAX NG
    - An Introduction to RELAX NG
    - Path, Predicates, and XQuery
    - Using Predicates with XQuery
    - Navigating Input Documents Using Paths
    - XML Basics
    - Introduction to XPath

    Watch our Tech Videos 
    Dev Articles Forums 
     RSS  Articles
     RSS  Forums
     RSS  All Feeds
    Write For Us 
    Weekly Newsletter
    Developer Updates  
    Free Website Content 
    Contact Us 
    Site Map 
    Privacy Policy 

    Developer Shed Affiliates


    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
    Popular Web Development Topics
    All Web Development Tutorials