Overview
For many developers, Extensible Markup Language (XML) is the environment of choice for creating today's technologically sophisticated and security-sensitive Web applications. This hands-on guide combines a strong foundation in XML with proven, practical techniques for enabling the secure transmission of data across the Web.
Broad-based and comprehensive, Secure XML fully documents every feature and issue involved with XML security. After a complete introduction to XML, the book goes on to cover authentication, canonicalization, keying, encryption, and algorithms in comprehensive detail. The book's practical focus intertwines helpful notes, historical background information, illuminating guidelines, and "soapbox" or heretical comments. In all, this book features the most comprehensive roadmap to digital security and XML encryption available.
Topics covered in-depth include:
- XML basics—documents, namespaces, structures, and stylesheets
- Document type definitions and schemas
- XPath, XPointer, and SOAP
- Digital cryptography basics—secret and public key ciphers, asymmetric keys, digital signatures, and certificates
- XML canonicalization, signatures, and authentication
- Key management and combining encryption with signatures
- Cryptographic algorithms and non-cryptographic algorithms
Detailed and practical, Secure XML provides reliable solutions for securing XML and for safeguarding information flow across today's sophisticated Web.
Editorials
From Barnes & Noble
The Barnes & Noble Review
XML is practically all things to all people. But nobody ever called it secure. That’s about to change.
In Secure XML, Donald Eastlake, who chairs the IETF/W3C XML Digital Signature Working Group, offers an insider’s look at most of the crucial work now underway to provide 100 percent XML-based security solutions enterprises can rely upon.
Eastlake and coauthor Kitty Niles offer authoritative coverage of four core aspects of XML security. These include authentication via XML Digital Signatures (XMLDSIG) and XML encryption, in which an XML element contains or refers to the cipher text, keying information, and algorithms. They also include key management using the XML KeyInfo element; and “canonicalization,” an amazingly clumsy term for extracting the standard form of some data and discarding the superficial elements. (You need to “canonicalize” data before you can sign it, but doing so isn’t as easy as you might hope.)
XML security is a work in progress, as crucial standards rapidly emerge. For example, the authors preview advanced extensions to XML digital signatures intended to meet Europe’s stringent requirements for e-commerce; and the latest working draft of the Decryption Transform for XML Signature, which makes it easier to verify XML signatures when some data has been encrypted before the signature was applied, and some afterwards.
While the book is nearly comprehensive, a few security-related XML technologies have been deliberately omitted, notably XACML and SAML. The authors have sought to focus on the “guts” of the technologies most crucial to delivering interoperable XML-based authentication and confidentiality mechanisms. In this, they’ve succeeded well.
Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.