XML Security

By Exforsys | July 21, 2007

Documents can now be secured using XML. Once data is released to the web it is free for all and available everywhere; it is literally omnipresent. How do you secure and safeguard something that is so widely spread? Security issues for XML documents have now reached a climax, because XML documents can be secured using XML security.

XML secures documents in two ways: one is the XML signature and the other is XML encryption.

XML Encryption

On the World Wide Web, security is taken care of by Secure Sockets Layer (SSL) and Transport Layer Security (TLS). These protocols make sure that end-to-end applications, for example email communications, are safe and secure. But they cater only to the end-to-end segment. XML Encryption fills the gaps that SSL or TLS cannot. XML security is capable of providing both end-to-end security and selective security.

The XML syntax

How are XML digital signatures created, and what do they cater to? XML signatures can be applied to digitally encrypted documents and to any kind of digital content, including XML documents. The XML schema usually decides which XML signature application will be used. The XML signature can be enveloped within the document, and it can be applied to documents from more than one resource.

The most important job of an XML signature application is to specify the key for the encrypted documents. It is not the application's job to say how the keys are associated with the different persons to whom the communication is digitally encrypted, or to carry information about what the data contains. Its job is just to provide the key for accessibility.

The specifications provided in an XML security application cannot take care of all security concerns, and where the specifications do not address them it becomes essential to use additional keys, algorithms and rendering requirements. XML uses capital letters to carry out instructions, usually in the schema. The schema is not concerned with grammar; its function is to bring out the desired results by carrying out the essential commands.

An overview of Signatures

XML signatures may be applied to arbitrary digital content or data objects. Data objects are digested, and the result is placed with a cryptographic signature in the document. The Signature element represents this data in a structured format.

The validation process involves two steps. One is validation of the signature and the other is validation of every single reference in the document. The algorithms that calculate the value of each signature are included in the signature itself. The key info usually holds the information required to validate the document.

The processing consists of three steps: core generation, core validation and core signature syntax.

Core generation is further divided into two levels, reference generation and signature generation. In reference generation, for every data object being signed, transforms are applied to the data object as determined by the application. The value of the signature is calculated for the data object, and then the signature element is constructed, which will include the objects and the signed information.

In signature generation, a signed info element is created using the signature method, the canonicalization method and the references. Using the algorithms in the signed info, the value of the signed object is calculated, and then the signature element is constructed, which will include the objects, the signature, the key info and the signature value.

Core validation is further divided into two steps: signature validation and reference validation. Sometimes a signature is valid but the application fails to validate it. This may be caused by a failure to implement some parts of the specification, or by an unwillingness to identify specific algorithms or even Uniform Resource Identifiers.

In the reference validation process, the signed information element is canonicalized using the canonicalization method in the signed info. Then the data object is obtained and digested using the digest method obtained from the reference specification, and the resulting digest value is compared to the digest value in the signed information reference. If there is any mismatch between the values, the validation fails.

In the signature validation process, the keying information is obtained either from an external source or from the key info. The canonical form of the signature info is obtained using the canonicalization method, and the result is used to validate the signature value over the signature info element.
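
The core generation and core validation steps described above, as an added example that is not part of the original article. Assumptions: a single data object carried inside the signature, HMAC-SHA256 with a shared key in place of a public-key signature, and the C14N 2.0 canonicalizer from Python's standard library; the `order` document, the key and the function names are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/2010/xml-c14n2"  # C14N 2.0, the form ET.canonicalize emits
ET.register_namespace("ds", DS)

def c14n(elem):
    """Node set -> octets: equivalent XML must yield identical bytes."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode("utf-8")

def b64(raw):
    return base64.b64encode(raw).decode("ascii")

def sign(doc, key):
    """Core generation: reference generation, then signature generation."""
    sig = ET.Element(f"{{{DS}}}Signature")
    si = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}CanonicalizationMethod", Algorithm=C14N)
    ET.SubElement(si, f"{{{DS}}}SignatureMethod",  # assumption: shared-key HMAC
                  Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256")
    ref = ET.SubElement(si, f"{{{DS}}}Reference", URI="#payload")
    ET.SubElement(ref, f"{{{DS}}}DigestMethod",
                  Algorithm="http://www.w3.org/2001/04/xmlenc#sha256")
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = b64(hashlib.sha256(c14n(doc)).digest())
    mac = hmac.new(key, c14n(si), hashlib.sha256).digest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = b64(mac)
    ET.SubElement(sig, f"{{{DS}}}Object", Id="payload").append(doc)
    return sig

def validate(sig, key):
    """Core validation: returns (reference_ok, signature_ok); both must be True."""
    si = sig.find(f"{{{DS}}}SignedInfo")
    obj = sig.find(f"{{{DS}}}Object")[0]  # the one referenced data object
    want = si.find(f"{{{DS}}}Reference/{{{DS}}}DigestValue").text
    reference_ok = hmac.compare_digest(want, b64(hashlib.sha256(c14n(obj)).digest()))
    mac = hmac.new(key, c14n(si), hashlib.sha256).digest()
    signature_ok = hmac.compare_digest(sig.find(f"{{{DS}}}SignatureValue").text, b64(mac))
    return reference_ok, signature_ok

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    sig = sign(ET.fromstring('<order id="7"><amount>100</amount></order>'), key)
    print(validate(sig, key))
    sig.find(f"{{{DS}}}Object")[0][0].text = "999"  # tamper after signing
    print(validate(sig, key))
```

A verifier should accept the document only when both results are true: the digest check alone can be satisfied by anyone who recomputes the digest, and the signature check alone says nothing about the data object.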

XML and Uniform Resource Identifier Attributes

The Uniform Resource Identifier (URI) is used to identify the object, by means of a URI reference. URI attributes and XML use the same character set, Unicode, and disallowed characters are converted into octets. URI handling follows a specific reference processing model.

The RPM or Reference Processing Model

If the data type is octets, the signature application will attempt to parse the octets. If the data type is a node set, the signature application has to convert the node set into octets using the canonicalization method and then parse the octets.

Reference validation may sometimes fail if fragment processing has not been done in a standardized way. Proxies will not validate them.

An overview of the controls, authorization and authentication

On the internet, control parameters are established to recognize who can access information and why they are accessing it, because in many cases business-critical information is being divulged. Access control is established by two components.

The authentication component identifies the person who is accessing the information. The authorization component establishes the reasons and what the person is allowed to do with the information. Basically, these two processes ask the questions: who are you, and what are you allowed to do?

In e-commerce, business transactions are highly complex and are carried out across many different platforms and servers. Information is exchanged between many servers, which has made security very complicated. These two components of XML security keep the data secure in a simple fashion.

What exactly does the authorization component do? It breaks the problem down further into two questions: one is policies and the second is distribution. At the policy level it analyzes data from different sources and examines it carefully to declare authorizations and rules about who can do what. At the distribution level it decides who can do what and then distributes the rights to the applications so they can carry out their tasks.

Some of the authorization services can be:

Credit rating: A number of premium authorization services are available that provide information such as credit ratings, approvals and rejections. You need certain interfaces to carry out the transactions and access this data. XML security uses authorization here for these kinds of business services.

Exchange of business information: Exchange of information between businesses needs authorization and authentication. This exchange of information is possible using the XML security process.

Data related to health care: Health care data must be treated with care and kept extremely confidential. Health care services are common but fragile, and need to be secure too. The data should also be immediately accessible. Security can be applied here even as information is being passed from one provider to another, and access can be controlled at the same time.

Another important feature in most business transactions is the exchange of money. XMLPay is a web service which enables a payment gateway. It provides connectivity to major financial institutions. It is useful to both business-to-consumer and business-to-business portals. XMLPay enables point-to-point business transactions, allowing business organizations to carry out e-commerce transactions freely over the web and avoiding the need to use legacy payment technologies.

XML is especially useful when the buyer needs to forward an amount X to the seller and the seller needs to record that payment using a payment processor. The typical XML components involved in a payment transaction are as follows. XMLPay core has the basic data types that go into a business transaction between business operations; this function is the heart of the XMLPay system. XMLPay registration captures all information that is exchanged during registration or enrollment, and also configuration. XMLPay reports gather all the payment information and then report the payment so that the transaction can be carried out successfully and securely.


Author Description

The Editorial Team at Exforsys is an IT consulting and training team led by Chandra Vennapoosa.
