XML Security
Documents can now be secured using XML. When data is released to the web it becomes free for all: it is available everywhere and is literally omnipresent. How do you secure and safeguard something that is so widely spread? Security issues for XML documents have now reached a climax, because XML documents can be secured using XML security.
XML security protects documents in two ways: one is the XML signature and the other is XML encryption.
XML Encryption
On the World Wide Web, security is taken care of by Secure Sockets Layer (SSL) and Transport Layer Security (TLS). These security protocols make sure that end-to-end applications, for example email communications, are safe and secure. But they can cater only to the end-to-end segment. XML Encryption fills the gaps that Secure Sockets Layer or Transport Layer Security cannot cover. XML security is capable of providing end-to-end security and selective security.
The XML syntax
How are XML digital signatures created, and what do they cater to? XML signatures can be extended to digitally encrypted documents and can be applied to any digital content, including XML documents. The XML schema usually decides which XML signature application will be used. The XML signature can be enveloped within the document, and it can be applied to documents from more than one resource.
The most important job of an XML signature application is to specify the key for the encrypted documents. It is not the application's job to describe how keys are associated with the different persons to whom the communication is digitally encrypted, or to carry information about what the data contains. Its job is just to provide the key for accessibility.
The specifications provided in an XML security application cannot take care of all security concerns, and where the specifications cannot address them it becomes essential to use additional keys, algorithms and rendering needs. XML uses capital letters to carry out instructions, usually in the schema. The schema is not concerned with grammar; its function is rather to bring out the desired results by carrying out the essential commands.
An overview of Signatures
XML signatures may be applied to arbitrary digital content or data objects. Digital data objects are digested and then placed with a cryptographic signature in the document. The Signature element represents the digital data in a structured format.
Validation involves two steps: one is validation of the signature and the other is validation of every single reference in the document. The algorithms that calculate the value of each signature are included in the signature itself. The key info usually carries the information required to validate the document.
The processing consists of three parts: core generation, core validation and core signature syntax.
Core generation is further divided into two levels: reference generation and signature generation. In reference generation, for every data object that is being signed, transforms are applied to the data object as determined by the application. The value of the signature is calculated for the data object, and then the signature element is constructed, which will include the objects and the signed information.
In signature generation, a signed info element is created using the signature method, the canonicalization method and the references. Using the algorithms in the signed info, the value of the signed object is calculated, and then the signature element is constructed, which will include the objects and the signature, the key info and the signature value.
Core validation is further divided into two steps: signature validation and reference validation. Sometimes an application may contain valid signatures that it nevertheless fails to validate. This may be caused by a failure to implement a few parts of the specification, or by an unwillingness to identify specific algorithms or even universal resource identifiers.
In the reference validation process, the signed info element is canonicalized using the canonicalization method given in the signed info. Then the data object is obtained and digested: the resulting data is digested using the digest method obtained from the reference specification, and the digest value that is generated is compared to the digest value in the signed info reference. If there is any mismatch between the values, validation fails.
In the signature validation process, the keying information is obtained either from an external source or from the key info, and the canonical form of the signed info is obtained using the canonicalization method. The result is used to validate the signature value and the signed info element.
Core signature syntax provides information on the features of the core signature. These features are mandatory for the program to function or to be implemented.
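The generation and validation steps described above, as an added example that is not part of the original page: a minimal Python sketch that builds a Signature element and then runs reference validation and signature validation separately. It assumes a shared HMAC-SHA256 key in place of key info, one same-document reference with no transforms, and the C14N 2.0 canonicalizer from the standard library (Python 3.8+); ElementTree regenerates namespace prefixes, so the output is not interoperable with other XML Signature tools.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
C14N2 = "http://www.w3.org/2010/xml-c14n2"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
SAMPLE = '<doc><order Id="o1"><amount>100</amount></order></doc>'  # constructed

def el(parent, tag, text=None, **attrs):
    child = ET.SubElement(parent, DS + tag, attrs)
    child.text = text
    return child

def octets(elem):
    # Node set -> octets: canonicalize before digesting or signing.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest_b64(elem):
    return base64.b64encode(hashlib.sha256(octets(elem)).digest()).decode()

def mac_b64(key, info):
    return base64.b64encode(hmac.new(key, octets(info), hashlib.sha256).digest()).decode()

def deref(root, uri):
    (hit,) = [e for e in root.iter() if e.get("Id") and "#" + e.get("Id") == uri]  # unique
    return hit

def sign(root, target_id, key):  # core generation: reference, then signature
    sig = el(root, "Signature")
    info = el(sig, "SignedInfo")
    el(info, "CanonicalizationMethod", Algorithm=C14N2)
    el(info, "SignatureMethod", Algorithm=HMAC_SHA256)
    ref = el(info, "Reference", URI="#" + target_id)
    el(ref, "DigestMethod", Algorithm=SHA256)
    el(ref, "DigestValue", digest_b64(deref(root, "#" + target_id)))
    el(sig, "SignatureValue", mac_b64(key, info))

def validate(root, key):
    """Core validation: returns (reference_ok, signature_ok)."""
    sig = root.find(DS + "Signature")
    info = sig.find(DS + "SignedInfo")
    ref = info.find(DS + "Reference")
    algs = [e.get("Algorithm") for e in info.iter() if e.get("Algorithm")]
    if algs != [C14N2, HMAC_SHA256, SHA256]:
        raise ValueError("unsupported algorithm identifier")
    target = deref(root, ref.get("URI"))
    reference_ok = hmac.compare_digest(digest_b64(target), ref.findtext(DS + "DigestValue"))
    signature_ok = hmac.compare_digest(mac_b64(key, info), sig.findtext(DS + "SignatureValue"))
    return reference_ok, signature_ok
```

Changing the signed `amount` after signing makes `validate` return `(False, True)`, while recomputing the digest value without the key gives `(True, False)`; an unexpected `Algorithm` URI or an `Id` that does not resolve to exactly one element raises `ValueError`.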
XML and Universal Resource Identifier Attributes
The Universal Resource Identifier, or URI, is used to identify the object, and it uses the URI reference. URI attributes and XML follow the same character set, which is Unicode, and disallowed characters are converted into octets. The URI follows a specific reference processing model.
The RPM or Reference Processing Model
If a data type consists of octets, the signature application will attempt to parse the octets. If the data type is a node set, the signature application has to attempt to convert the node set into octets using the canonicalization method and then parse the octets.
Sometimes reference validation may fail if fragment processing has not been done in a standardized way. The proxies will not validate them.
An overview of the controls, authorization and authentication
On the internet, control parameters are established to recognize who can access information and why they are accessing it, because in many cases information that is critical to a business is being divulged. Access control is established by two components.
The authentication component identifies the person who is accessing the information. The authorization component establishes the reasons for access and what the person is allowed to do with the information. Basically, these two processes ask the questions: who are you, and what are you allowed to do?
In e-commerce, business transactions are highly complex and are carried out across several varied platforms and servers. Information is exchanged between many servers, which has made security very complicated. These two components of XML security achieve the standard of keeping the data secure in a simple fashion.
What exactly does the authorization component do? It breaks the problem down further into two questions: one is policies and the second is distribution. At the policy level it analyzes the data from different sources and examines it carefully to declare authorizations and rules about who can do what. At the distribution level it decides who can do what and then distributes the rights to the applications to carry out their tasks.
Some of the authorization services can be:
Credit rating: A number of premium-level authorization services are available that provide information such as credit ratings, approvals and rejections. You need certain interfaces to carry out the transactions and access this data. XML security uses authorization here for these kinds of business services.
Exchange of business information: Exchange of information between businesses needs authorization and authentication. This exchange of information is possible using the XML security process.
Health care data: Health care data is treated with care and needs to be extremely confidential. Health care services are common but very fragile, and need to be secure too. The data should also be immediately accessible. Security can be applied here even as information is being passed from one provider to another, and access can be controlled at the same time.
Another important feature of most business transactions is the exchange of money. XMLPay is a web service which enables a payment gateway. It provides connectivity to major financial institutions. It is useful to both business-to-consumer and business-to-business portals. XMLPay enables point-to-point business transactions, enabling business organizations to carry out e-commerce transactions freely over the web and avoiding the need to use legacy payment technologies.
XMLPay is especially useful when the buyer needs to forward an amount X to the seller and the seller needs to record that payment using a payment processor. The typical XML components involved in a payment transaction are as follows. XMLPay Core has the basic data types that go into a transaction between business operations; this function is the heart of the XMLPay system. XMLPay Registration captures all information that is exchanged during registration or enrollment, and also configuration. XMLPay Reports gathers all the payment information and then reports the payment so that the transaction can be carried out successfully and securely.