We’ve come a long way since the beginning of our journey toward XML mastery. In the last article of his series, Frank Coyle examines XML-related security issues. We begin by looking at the family of XML security standards and then move on to the threat of black-hat attacks and what you can do to safeguard your XML-based applications.
The XML Encryption Standard
XML Encryption is an XML vocabulary for working with public key encryption. You may wonder why a separate vocabulary is needed for sending XML over the Internet, when Secure Sockets Layer
XML Encryption provides end-to-end security for applications that require secure exchange of structured data. XML itself is the most popular technology for structuring data, and therefore XML-based encryption is the natural way to handle complex requirements for security in data interchange applications. Here in part 1 of this two-part series, Bilal explains how XML and security are proposed to be integrated into the W3C's Working Draft for XML Encryption.
Currently, Transport Layer Security (TLS) is the de facto standard for secure communication over
Summary: This article looks at the XML Digital Signature specification, explaining its processing model and some of its capabilities. It provides a more detailed, lower-level understanding of how the WS-Security specification implements its message security feature.
Introduction:
Digital signatures are important because they provide end-to-end message integrity guarantees, and can also provide authentication information about the originator of a message. In order to be most effective, the signature must be part of the application data, so that it