XML Security

Documents can now be secured using XML itself. Once data is released to the web it is available to everyone, everywhere. How do you secure and safeguard something that is so widely spread? The security issues for XML documents have now come to a head, because XML documents can be secured using XML security.

XML secures documents in two ways: one is the XML signature and the other is XML encryption.

XML Encryption

On the World Wide Web, security is taken care of by Secure Sockets Layer (SSL) and Transport Layer Security (TLS). This security software makes sure that end-to-end applications, for example email communications, are safe and secure. But it can cater only to the end-to-end segment. XML Encryption covers the gaps that SSL and TLS cannot fill. XML security is capable of providing both end-to-end security and selective security.

The XML syntax

How are XML digital signatures created, and what do they cater to? XML signatures can be extended to digitally encrypted documents and can be applied to any digital content, including XML documents. The XML schema usually decides which XML signature application will be used. The XML signature can be enveloped within the document, and it can be applied to documents from more than one resource.

The most important job of an XML signature application is to specify the key for the encrypted documents. It is not the application's job to describe how the keys are associated with the different persons to whom the communication is digitally encrypted, or to carry information about what the data contains. Its job is just to provide the key for accessibility.

The specifications provided in an XML security application cannot take care of all security concerns, and where the specifications do not address them, it becomes essential to use additional keys, algorithms and rendering requirements. XML uses capital letters to carry out instructions, usually in the schema. The schema is not concerned with grammar; its function is rather to bring out the desired results by carrying out the essential commands.

An overview of Signatures

XML signatures may be applied to arbitrary digital content or data objects. Data objects are digested and the result is placed, together with a cryptographic signature, in the document. The Signature element represents the digital data in a structured format.

The validation process involves two steps. One is validation of the signature and the other is validation of every single reference in the document. The algorithms used to calculate the value of each signature are included in the signature itself. The key info usually holds the information required to validate the document.

Processing consists of three parts: core generation, core validation and core signature syntax.

Core generation is further divided into two levels, reference generation and signature generation. In reference generation, for every data object being signed, transforms are applied to the data object as determined by the application. The value of the signature is calculated for the data object, and then the signature element is constructed, which will include the objects and the signed information.

In signature generation, a signed info element is created from the signature method, the canonicalization method and the references. Using the algorithms in the signed info, the value of the signed object is calculated, and then the signature element is constructed, which will include the objects and the signature, the key info and the signature value.

Core validation is further divided into two steps: signature validation and reference validation. Sometimes an application may fail to validate signatures that are in fact valid. This may be caused by a failure to implement some parts of the specification, or by an unwillingness to recognize specific algorithms or even uniform resource identifiers.

In the reference validation process, the signed info element is canonicalized using the canonicalization method given in the signed info. Then the data object is obtained and digested using the digest method given in the reference, and the resulting digest value is compared with the digest value in the signed info reference. If there is any mismatch between the values, validation fails.

In the signature validation process, the keying information is obtained either from an external source or from the key info. The canonical form of the signed info is obtained using the canonicalization method, and the result is used to validate the signature value over the signed info element.

Core signature syntax provides information on the features of the core signature. These features are important and mandatory for the program or its implementation to function.
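
The two core validation steps described above, as an added Python example (not code from the original article): it builds a simplified signature over one element, then runs reference validation followed by signature validation and reports which step fails. Assumptions: a shared HMAC-SHA256 key stands in for the key info, the standard library's C14N 2.0 canonicalizer is used, transforms are omitted, and the sample document, key and helper names are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

Q = "{http://www.w3.org/2000/09/xmldsig#}"  # Clark-notation prefix for ds: elements
C14N2 = "http://www.w3.org/2010/xml-c14n2"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

def c14n(elem):  # canonical bytes of one subtree (stdlib C14N 2.0)
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest(elem):  # base64 SHA-256 of the canonical data object
    return base64.b64encode(hashlib.sha256(c14n(elem)).digest()).decode()

def mac(key, si):  # base64 HMAC-SHA256 over the canonical SignedInfo
    return base64.b64encode(hmac.new(key, c14n(si), hashlib.sha256).digest()).decode()

def resolve(root, uri):  # same-document "#Id" references only; the Id must be unique
    hits = [e for e in root.iter() if uri.startswith("#") and e.get("Id") == uri[1:]]
    if len(hits) != 1:
        raise ValueError("reference does not resolve to exactly one element")
    return hits[0]

def sign(root, uri, key):  # appends a ds:Signature to root in place
    sig = ET.SubElement(root, Q + "Signature")
    si = ET.SubElement(sig, Q + "SignedInfo")
    ET.SubElement(si, Q + "CanonicalizationMethod", Algorithm=C14N2)
    ET.SubElement(si, Q + "SignatureMethod", Algorithm=HMAC_SHA256)
    ref = ET.SubElement(si, Q + "Reference", URI=uri)
    ET.SubElement(ref, Q + "DigestMethod", Algorithm=SHA256)
    ET.SubElement(ref, Q + "DigestValue").text = digest(resolve(root, uri))
    ET.SubElement(sig, Q + "SignatureValue").text = mac(key, si)

def validate(root, key):
    si = root.find(f"{Q}Signature/{Q}SignedInfo")
    algs = [e.get("Algorithm") for e in si.iter() if e.get("Algorithm")]
    if algs[:2] != [C14N2, HMAC_SHA256] or set(algs[2:]) != {SHA256}:
        return "unsupported algorithm"  # refuse anything outside the allow-list
    for ref in si.findall(Q + "Reference"):  # step 1: reference validation
        found = ref.findtext(Q + "DigestValue", "")
        if not hmac.compare_digest(digest(resolve(root, ref.get("URI"))), found):
            return "reference validation failed"
    found = root.findtext(f"{Q}Signature/{Q}SignatureValue", "")  # step 2: signature validation
    if not hmac.compare_digest(mac(key, si), found):
        return "signature validation failed"
    return "valid"

SAMPLE = '<order><item Id="item1">10 widgets</item></order>'  # constructed sample
KEY = b"constructed-demo-key"  # constructed shared key
```

A digest value that matches the data is not enough on its own: the digest sits inside the signed info, so any change to it is caught by the second step.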



 
© 2008 Exforsys.com