K.SARANYA
KCT
THREE BASIC SECURITY REQUIREMENTS
FOR E-BUSINESS
• Confidentiality
Cryptography
Data integrity
• Ensures the message received is the message sent
• For authentication
• Canonicalization addresses the fact that when XML is read and processed using
standard XML parsing and processing techniques, some surface representation
information may be lost or modified.
CANONICALIZATION
• The document that results from XML Canonicalization ensures that all
internal entities and XML namespaces are expanded
• Entities are replaced with their definitions and the canonical form
explicitly represents the namespace that an element would otherwise
inherit.
The steps that take place during the creation of a core canonical form include
• XML Encryption
• The XML Digital Signature specification defines both the syntax and rules for
processing XML digital signatures.
• The XML Digital Signature specification defines a series of XML elements for
describing details of the signature. Some of these elements and what they
signify are as follows:
SignedInfo:
• SignatureMethod: The algorithm used to convert the canonicalized SignedInfo into
the SignatureValue.
• Reference: Each Reference element includes the method used to compute the
digital hash and the resulting digest value calculated over the identified data object.
• KeyInfo: This element indicates the key to be used to validate the signature.
• DigestValue: This element holds the value computed based on the data being
signed. Changing one character of the data being signed will result in an entirely
different digest value.
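The following is an added example, not part of the original slides, showing why the data is canonicalized before the digest is computed and how the DigestValue reacts to a one-character change. It assumes Python's standard-library `xml.etree.ElementTree.canonicalize` (Canonical XML 2.0) and SHA-256; the sample documents and function names are constructed for illustration, and a real signature uses whichever canonicalization and digest algorithms its own elements declare.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample documents (not from the original slides).
# DOC_A and DOC_B carry the same information with different surface forms:
# attribute order, quote style, whitespace inside the tag, empty-element syntax.
DOC_A = '<order id="42" currency="EUR"><amount>100</amount><note/></order>'
DOC_B = "<order   currency='EUR'  id='42' ><amount>100</amount><note></note></order>"
# DOC_C differs from DOC_A by a single character of content (100 -> 900).
DOC_C = '<order id="42" currency="EUR"><amount>900</amount><note/></order>'


def b64_sha256(data: bytes) -> str:
    """Base64-encoded SHA-256, the encoding a DigestValue element carries."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def raw_digest(xml_text: str) -> str:
    """Digest of the bytes as written, with no canonicalization."""
    return b64_sha256(xml_text.encode("utf-8"))


def canonical_digest(xml_text: str) -> str:
    """Digest of the canonical form (Canonical XML 2.0 via the stdlib)."""
    return b64_sha256(ET.canonicalize(xml_text).encode("utf-8"))


def reference_matches(xml_text: str, expected_digest: str) -> bool:
    """Verifier-side check: recompute the digest and compare in constant time."""
    return hmac.compare_digest(canonical_digest(xml_text), expected_digest)


if __name__ == "__main__":
    signed = canonical_digest(DOC_A)  # value the signer would place in DigestValue
    print("canonical form:", ET.canonicalize(DOC_B))
    print("raw A == raw B:             ", raw_digest(DOC_A) == raw_digest(DOC_B))
    print("re-serialized copy accepted:", reference_matches(DOC_B, signed))
    print("tampered copy accepted:     ", reference_matches(DOC_C, signed))
```

Without canonicalization, a harmless re-serialization by an intermediary would invalidate the digest, while the content change in the third document is rejected either way.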
Steps in Signature generation
• XML Key Management Specification (XKMS) uses the web services framework to
make it easier for developers to secure inter-application communication using
public key infrastructure (PKI).
• XKMS is one of the three W3C specifications that define the XML security
architecture.
• XKMS is a W3C initiative that targets the delegation of trust processing decisions
to one or more specialized trust processors, to give businesses an easier way to
manage digital signatures and data encryption.
XKMS-STRUCTURE
• XKMS specifies protocols for distributing and registering public keys and is
suitable for use in conjunction with the proposed standard for XML
Signature and as a companion standard for XML Encryption.
• X-KRSS defines a protocol for a Web service that accepts registration of public-
key information.
• Once registered, the public key may be used in conjunction with other Web
services, including X-KISS.
• A client of a conforming service may request that the registration service bind
information to a public key. The information bound may include a name, an
identifier, or extended attributes defined by the implementation.
Guidelines for Signing XML Documents