Next, I'd like to give you some hints regarding security with XML and Web Services. Note that Web Services are discussed in detail in Chapter 16; you might want to read that chapter first before reading this section.
In principle, you can use different types of standards, including the following:
General security standards
XML security standards
Web Services security standards
Figure 14-3 illustrates the options in more detail.
Figure 14-3. Security stack for XML and Web Services
The general security standards include the well-known algorithms, such as RSA, AES, and DES, as well as basic security standards for encryption and secure conversation, such as SSL, Kerberos, and so on. There are also special standards that deal with XML documents. Their advantage is that they read and write XML files, so the result of an encryption or signature can be processed using the usual XML processing chain. Finally, at the top of the diagram there are general XML-based security standards, such as SAML, and standards with special Web Services aspects, such as WS-Security.
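As an added illustration of that last point (example code, not from the book or from any of the standards named), the following Python shows why an XML-native signature stays in the normal processing chain: the signature is itself XML, so the verifier is just another XML parser. Assumptions: a constructed shared HMAC key stands in for the certificate-based key pair a real W3C XML Signature would use, and the Signature/Reference/DigestValue element names and the Id attribute are simplified stand-ins for the standard's structure.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed demo key (placeholder). A real XML Signature would use a key pair
# and certificate rather than a shared secret.
SHARED_KEY = b"constructed-demo-key"

def canonical_bytes(elem):
    """Canonical (C14N 2.0, stdlib since Python 3.8) serialization of one element,
    so re-indented XML still hashes to the same digest."""
    elem = copy.deepcopy(elem)
    elem.tail = None  # tostring() would otherwise include trailing whitespace
    xml_text = ET.tostring(elem, encoding="unicode")
    return ET.canonicalize(xml_text, strip_text=True).encode()

def sign_document(xml_text):
    """Append a <Signature> element covering the child marked Id="payload".
    The result is ordinary XML that any parser in the chain can still read."""
    root = ET.fromstring(xml_text)
    payload = root.find(".//*[@Id='payload']")
    sig = ET.SubElement(root, "Signature")
    ref = ET.SubElement(sig, "Reference", URI="#payload")
    ET.SubElement(ref, "DigestValue").text = hashlib.sha256(canonical_bytes(payload)).hexdigest()
    mac = hmac.new(SHARED_KEY, canonical_bytes(ref), "sha256").hexdigest()
    ET.SubElement(sig, "SignatureValue").text = mac
    return ET.tostring(root, encoding="unicode")

def verify_document(xml_text):
    """Parse the signed XML with the standard parser and check both layers:
    the MAC over <Reference>, then the digest of the referenced element."""
    root = ET.fromstring(xml_text)
    sig = root.find("Signature")
    ref = sig.find("Reference") if sig is not None else None
    if ref is None:
        return False
    expected_mac = hmac.new(SHARED_KEY, canonical_bytes(ref), "sha256").hexdigest()
    if not hmac.compare_digest(expected_mac, sig.findtext("SignatureValue", "")):
        return False
    target = root.find(".//*[@Id='%s']" % ref.get("URI", "").lstrip("#"))
    if target is None:
        return False
    digest = hashlib.sha256(canonical_bytes(target)).hexdigest()
    return hmac.compare_digest(digest, ref.findtext("DigestValue", ""))

# Constructed sample order document.
SAMPLE = '<Order><Item Id="payload"><Sku>A-100</Sku><Qty>2</Qty></Item></Order>'

if __name__ == "__main__":
    signed = sign_document(SAMPLE)
    print(verify_document(signed), verify_document(signed.replace("<Qty>2<", "<Qty>20<")))
```

Because verification re-parses the document, re-indenting the signed XML leaves it valid, while changing the quantity inside the referenced element makes the digest check fail.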
Let's briefly discuss some of the most important standards.
One important general standard, maintained by OASIS, is the Security Assertion Markup Language (SAML). SAML is an XML-based language for the management and exchange of security information between different systems. It allows for one party ...