Page 3 of 6

XML-Signature Syntax and Processing, a W3C recommendation, provides integrity, message authentication, and signer authentication services. XML signatures are digital signatures designed for use in XML transactions. The standard defines a schema for capturing the result of a digital signature operation applied to arbitrary (but often XML) data. Like non-XML-aware digital signatures (e.g., Public-Key Cryptography Standards, or PKCS), XML signatures add authentication, data integrity, and support for nonrepudiation to the data they sign. However, unlike non-XML digital signature standards, XML-Signature Syntax and Processing has been designed to both acknowledge and leverage the Internet and XML.

Digital certificates are electronic files that act like online passports. They are issued by a trusted third party, a certificate authority (CA), which verifies the identity of the certificate's holder.

XKMS, a W3C note, simplifies the securing of XML-based Internet transactions using public key infrastructure (PKI) and digital certificates. It specifies protocols for distributing and registering public keys suitable for use in conjunction with W3C's XML-Signature Syntax and Processing. XKMS is composed of two parts—the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS).

As understood from the supply-chain use-case referenced earlier, accessing information over the Internet is essential to the solution. Web services allow such functionality as they permit the exchange of information over a network. Web services are based on three key standards:

  • SOAP (Simple Object Access Protocol), a protocol for data transmission
  • WSDL (Web Services Description Language), a language for the description of Web services
  • UDDI (Universal Description, Discovery, and Integration), a registry for locating a Web service

Note that all of the above can be defined in XML. However, two issues must be specifically addressed in our supply-chain solution:

  • Restricting access to XML-based Web services to authorized users. This is addressed by XACML (Extensible Access Control Markup Language) and WS-Policy standards.
  • Protecting the integrity and confidentiality of XML messages exchanged in a Web services environment. This is addressed by Web Services Security (WSS) and Security Assertion Markup Language (SAML).

This article provides a brief overview of WS-Policy, WSS, SAML, and XACML, and of how security is empowered by XQuery and XML databases. WSS provides message protection in a SOAP environment. SAML and XACML support authorization and offer considerable support for large-scale distributed systems. Most importantly, all these standards represent information using XML. WS-Policy, WSS, SAML, and XACML also have some commonalities. While all of these standards enable security services that were already in use in previous years, each has specific features intended to make it suitable for large-scale, distributed environments, such as the Internet. Additionally, these standards reference and incorporate preexisting security standards.
