03-10-2012, 03:25 PM
XML Security
security.ppt (Size: 655 KB / Downloads: 125)
Introduction
XML is a growing standard
Security integration is essential
XML Security combines legacy cryptographic technologies with XML technologies to provide a secure environment for users and applications
So What’s this XML?
eXtended Markup Language (like HTML, just extended)
Syntax and rules for structuring information
Anyone can create a vocabulary and use it
Any application can learn a vocabulary and read it
We tell apart from vocabularies using namespaces
SOAP (like Dove?)
Simple Object Access Protocol
The SOAP envelope - defines an overall framework for expressing what is in a message; who should deal with it, and whether it is optional or mandatory
The SOAP encoding rules defines a serialization mechanism that can be used to exchange instances of application-defined datatypes
The SOAP RPC representation defines a convention that can be used to represent remote procedure calls and responses
XML Security Standards
XML Vocabulary for security information is defined
Standards comply with other XML standards
Security should be applied to:
Whole XML Documents
Specific XML Elements
XML Element Content
Security is associated with content (not transport, like SSL)
XML Security uses existing crypto methods
XML Encryption
Purpose:
Allow users to encrypt and decrypt data
Provide confidentiality in transport and in storage
Features:
Defined vocabulary for ciphers and encryption information
Both XML and non-XML content can be encrypted
Encryption granularity – element content
Encrypted infromation stays in XML form.
Compatible with signatures
Supports for many encryption algorithms