Secure XML: The New Syntax for Signatures and Encryption

Book Description

Extensible Markup Language (XML) is the environment of choice for creating many of today's technologically sophisticated and security-sensitive Web applications. With Secure XML, developers now have the hands-on guide they need to combine a strong foundation in XML with proven, practical techniques for enabling the secure transmission of data across the Web.

Broad-based and comprehensive, Secure XML fully documents every feature and issue involved with XML security. Opening with a complete introduction to XML, the book then provides detailed coverage of authentication, canonicalization, keying, encryption, algorithms, and more. Notes, background information, guidelines, and "soapbox," or heretical comments, expand on the book's practical focus throughout. In all, this book features the most comprehensive roadmap to digital security and XML encryption available.

Topics covered in-depth include:

  • XML basics—documents, namespaces, structures, DTDs and schemas, and stylesheets

  • XPath, XPointer, and SOAP

  • Digital cryptography basics—secret and public key ciphers, asymmetric keys, digital signatures, and certificates

  • XML canonicalization, signatures, and authentication

  • XML encryption

  • Key management and combining encryption with signatures

  • Cryptographic algorithms and noncryptographic algorithms

Detailed and practical, this book provides reliable solutions for securing XML and for safeguarding information flow across today's sophisticated Web.


    Table of Contents

    1. Copyright
    2. Preface
    3. Introduction
      1. XML and Security
        1. XML
        2. The Need for Secure XML
        3. Status of XML Security Standardization
        4. Work in Progress
      2. Digital Cryptography Basics
        1. Message Digests
        2. Message Authentication Codes
        3. Secret or Symmetric Key Ciphers
        4. Public or Asymmetric Key Ciphers
        5. Asymmetric Keys and Authentication
        6. Digital Signatures
        7. Certificates
        8. Enveloped Encryption
        9. Canonicalization
        10. Randomness
        11. Other Facets of Security
        12. Cryptography: A Subtle Art
    4. XML Basics
      1. The Extensible Markup Language
        1. Related Standards and Recommendations
        2. XML Documents
        3. XML Document Structure
        4. XML Document Logical Structure
        5. XML Namespaces
        6. XML Document Physical Structure
        7. XML and Stylesheets
      2. XML Document Type Definitions
        1. Introduction to DTDs
        2. Document Type Declarations
        3. Element Type Declarations
        4. Defining Attributes in DTDs
        5. Entity Reference Declarations
        6. Notation Declarations
      3. XML Schema
        1. Overview
        2. Types
        3. Elements and Attributes
        4. Namespaces
        5. Miscellaneous Aspects of Schemas
        6. Parts Not Covered
      4. XPath: A Basic Building Block
        1. Introduction to XPath
        2. Data Model
        3. Location Paths
        4. Expressions
        5. Function Library
      5. URIs, xml:base, and XPointer
        1. URIs
        2. xml:base
        3. XPointer
      6. SOAP
        1. Introduction to SOAP
        2. SOAP Envelope, Message Exchange, and Processing Model
        3. SOAP Encoding
        4. SOAP Transport Binding and HTTP
        5. SOAP Remote Procedure Call
    5. Canonicalization and Authentication
      1. XML Canonicalization: The Key to Robustness
        1. Canonicalization—Essential for Signatures Over XML
        2. Canonical XML and XML Encryption
        3. Transformative Summary
        4. The XML Canonicalization Data Model
        5. Formal Generative Specification
        6. Limitations of XML Canonicalization
      2. XML Signatures and Authentication
        1. Introduction to XML Digital Signatures
        2. XML Signature Syntax
        3. XML Signature Examples
        4. Transforms and the Use of XPath
        5. Processing Rules
        6. Security of Signatures
      3. Profiling XMLDSIG for Applications
        1. P3P XMLDSIG
        2. SOAP XMLDSIG
      4. ETSI “Advanced” XML Signatures
        1. Levels of XAdES Signature
        2. XAdES Signature Syntax Basics
        3. XAdES Signature Elements Syntax
        4. Validation Data Syntax
    6. Keying
      1. The KeyInfo Element
        1. KeyInfo Element Syntax
        2. KeyInfo Child Elements
        3. Private Keys
        4. The KeyValue Element
        5. The EncryptedKey Element
        6. The RetrievalMethod Element
        7. The AgreementMethod Element
        8. The KeyName Element
        9. The X509Data Element
        10. The PGPData Element
        11. The SPKIData Element
        12. The MgmtData Element
      2. XKMS: XML Key Management
        1. Namespaces
        2. The Key Information Service
        3. XKMS Common Data Elements
        4. The Key Registration Service
        5. XKMS Cryptographic Algorithms
        6. Security Considerations
    7. Encryption
      1. XML Encryption
        1. Introduction to XML Encryption
        2. XML Encryption Syntax
        3. Encryption Examples
        4. Processing Flow
        5. Encryption Security Considerations
      2. Combining Encryption and Signature
        1. General Considerations
        2. The Decryption Transform
    8. Algorithms
      1. Overview of Algorithms
        1. Algorithm Syntax
        2. Algorithmic Roles
      2. Cryptographic Algorithms
        1. Message Digests
        2. Key Agreement Algorithms
        3. Message Authentication Codes
        4. Signature Algorithms
        5. Block Encryption Algorithms
        6. Stream Encryption Algorithms
        7. Key Transport Algorithms
        8. Symmetric Key Wrap Algorithms
      3. Non-cryptographic Algorithms
        1. Canonicalization Algorithms
        2. Transformation Algorithms
    9. Appendixes
      1. XML Security Implementations
        1. Apache
        2. Baltimore Technologies
        3. Capslock
        4. Done Information
        5. DSTC
        6. Entrust
        7. Fujitsu
        8. GapXse
        9. HP Web Services
        10. IAIK
        11. IBM
        12. Infomosaic
        13. JDSS II
        14. Mather
        15. Microsoft
        16. NEC
        17. Phaos Technology
        18. Poupou
        19. RSA Security
        20. Siggen
        21. Verisign
        22. W3C
        23. WebSig
        24. Wedgetail
        25. XML Sec
      2. The W3C and W3C Documents
        1. Access to W3C Documents
        2. W3C Document Status
        3. W3C Document Format
        4. W3C Document Disclaimer
        5. W3C Software Disclaimer
      3. The IETF and IETF Documents
        1. RFC Status
        2. Access to RFCs
        3. RFC Format
      4. The NIST and NIST Documents
        1. Access to NIST FIPS Documents
        2. Status of NIST Documents
        3. Format of FIPS
      5. The Paper and Protocol Points of View
        1. The Basic Points of View
        2. Questions of Meaning
        3. Processing Models
        4. Security and Canonicalization
        5. Unique Internal Labels
        6. Examples
        7. Resolution of the Points of View
      6. SOAP Encoding Schema
      7. References and Acronyms