XML Security

Part of the book series: Data-Centric Systems and Applications (DCSA)

Abstract

The extensible markup language (XML) is a markup language promoted by the World Wide Web Consortium (W3C). XML overcomes the limitations of hypertext markup language (HTML) and represents an important opportunity to solve the problem of protecting information distributed on the Web, with the definition of access restrictions directly on the structure and content of the document. This chapter summarizes the key XML security technologies and provides an overview of how they fit together and with XML. It should serve as a roadmap for future research and a basis for further exploration of relevant scientific literature and standard specifications.

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Ardagna, C.A., Damiani, E., De Capitani di Vimercati, S., Samarati, P. (2007). XML Security. In: Petković, M., Jonker, W. (eds) Security, Privacy, and Trust in Modern Data Management. Data-Centric Systems and Applications. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69861-6_6

  • DOI: https://doi.org/10.1007/978-3-540-69861-6_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69860-9

  • Online ISBN: 978-3-540-69861-6

  • eBook Packages: Computer Science (R0)
