IBM Version 5 Universal Remote User Manual


 
Chapter 2. Technologies in XML 35
document of the same document. Also, we would like different classes of
users to have access only to different parts of the document. An airline agent may need
to know a passenger's name and address, but does not need to know
the details of their credit card. A passenger boarding officer does not need to
have access to the passenger's personal details, while the airline would want to
know more information about the passenger for marketing purposes.
It is fairly easy to encrypt a whole document; the difficulty arises when
parts of a document need to be signed by different people, and when this is to
be done with selective encryption.
One of the strengths of XML languages is that searching is clear and
unambiguous: the DTD or schema provides information about the syntax of the XML
document. If a document subsection, including its tags, is encrypted as a whole, then
we are unable to search for data relevant to those tags. Also, the tags themselves may
sometimes need to be hidden, because knowing them could compromise security.
When sending secure data across the Internet, we need four things:
Confidentiality: No one else can access or copy the data.
Integrity: The data is not altered as it gets transmitted from the sender to the
receiver.
Authentication: The document actually came from the purported sender.
Nonrepudiability: The sender cannot deny that they sent it, and the sender
also cannot deny the contents of the data.
The first three functions are provided by the Secure Sockets Layer (SSL). The
last function is provided by the XML Security Suite.
The XML Security Suite provides several important functions:
XML Signatures: This implementation is based on the XML-Signature Core
Syntax and Processing specification being developed by W3C and the
Internet Engineering Task Force (IETF).
An implementation of the W3C's Canonical XML working draft
Element-level encryption
XML Signature and XML Encryption are two initiatives designed to both
account for and take advantage of the special nature of XML data. These
initiatives are currently progressing through the standardization process. The
XML Signature initiative is a joint effort between the World Wide Web Consortium
(W3C) and the Internet Engineering Task Force (IETF), and XML Encryption is solely
a W3C effort.
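The following is an added example, not code from this manual or from the XML Security Suite. It shows why Canonical XML matters when parts of a document are signed separately: a digest over the canonical form of one element survives re-serialization and is unaffected by changes to other elements. It uses Python's standard-library C14N 2.0 implementation; the booking document, element names and helper functions are constructed for illustration, and an XML Signature would sign such digests rather than compare them directly.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: one booking serialized two ways. Only attribute order,
# quote style and whitespace inside the start tag differ.
DOC_A = ('<booking><passenger id="p1" class="economy"><name>A. Sample</name>'
         '</passenger><payment><card>0000-0000</card></payment></booking>')
DOC_B = ("<booking><passenger class='economy'   id='p1' ><name>A. Sample</name>"
         "</passenger><payment><card>0000-0000</card></payment></booking>")


def raw_digest(xml_text):
    """SHA-256 over the bytes as serialized, with no canonicalization."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def element_digest(xml_text, path):
    """SHA-256 over the canonical form of the one element found at `path`."""
    elem = ET.fromstring(xml_text).find(path)
    if elem is None:
        raise ValueError(f"no element at {path!r}")
    elem.tail = None  # text after the end tag belongs to the parent, not this part
    canonical = ET.canonicalize(ET.tostring(elem, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def changed_parts(reference_xml, received_xml, paths):
    """Return the paths whose canonical digest differs between two documents."""
    return [p for p in paths
            if element_digest(reference_xml, p) != element_digest(received_xml, p)]


if __name__ == "__main__":
    parts = ["passenger", "payment"]
    print("raw bytes equal:", raw_digest(DOC_A) == raw_digest(DOC_B))
    print("changed after re-serialization:", changed_parts(DOC_A, DOC_B, parts))
    tampered = DOC_B.replace("0000-0000", "1111-1111")
    print("changed after tampering:", changed_parts(DOC_A, tampered, parts))
```
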