Abstract
The extensible markup language (XML) is a markup language promoted by the World Wide Web Consortium (W3C). XML overcomes the limitations of the hypertext markup language (HTML) and represents an important opportunity to solve the problem of protecting information distributed on the Web, through the definition of access restrictions directly on the structure and content of the document. This chapter summarizes the key XML security technologies and provides an overview of how they fit together and with XML. It should serve as a roadmap for future research and a basis for further exploration of relevant scientific literature and standard specifications.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Ardagna, C.A., Damiani, E., De Capitani di Vimercati, S., Samarati, P. (2007). XML Security. In: Petković, M., Jonker, W. (eds) Security, Privacy, and Trust in Modern Data Management. Data-Centric Systems and Applications. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69861-6_6
DOI: https://doi.org/10.1007/978-3-540-69861-6_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69860-9
Online ISBN: 978-3-540-69861-6
eBook Packages: Computer Science (R0)