|
Article Excerpt
While the flexibility, extensibility, and simplicity of XML have made life easier for a lot of business application developers, the core XML specification doesn't address security in any way. The openness of XML doesn't make security any easier, and developers who leverage the benefits of XML are still left with the daunting task of finding a way to secure their data. While data security can have various meanings in different situations, the fundamental ideas that concern us here are the integrity and confidentiality of the data.
Ensuring data integrity means making sure that the data cannot be tampered with without detection. Digital signature algorithms can provide this type of security. When a signature is combined with trusted authentication of the signer, it can also provide legal evidence that a particular person signed the data, making it difficult to repudiate such a signature later.
Data confidentiality is required when the data must be concealed from everyone except for its intended recipients. Strong symmetric key encryption algorithms are typically used to accomplish this task.
An E-Business Example
Imagine the following scenario: Alice's Retail Goods frequently orders products from Bob's Wholesale Goods. Every time Alice orders another shipment of products from Bob, Bob creates a purchase order. The purchase order is an XML document that contains information about the order, Alice's billing information, and Bob's bank account information (see Listing 1).
LISTING 1 Pogo Sticks $10.99 50 $549.50 Frisbees $2.99 100 $299.00 848.50 59.40 907.90 Alice's Retail Goods 1234 567890 12345 123 East 45th New York NY 67890 (555)555-5555 Bob's Wholesale Goods 123-1234567-12 321 West 54th New York NY 67980 (555)444-4444
After Bob generates the purchase order, he sends it to his bank. The bank charges Alice's credit card for the total price of the order and transfers that amount to Bob's bank account. The system is very simple and straightforward.
All goes well for a time, but eventually a series of disputes over submitted purchase orders prompts the bank to institute new security measures. The bank now requires that each purchase order be digitally signed before it is submitted to the bank.
What Is a Digital Signature?
Digital signatures are an important element in electronic security because they can be used to ensure the integrity, authenticity, and nonrepudiability of data. Simply defined, a digital signature is an encrypted hash of an electronic document. Commonly used digital signature schemes such as RSA and DSA employ a...
|
|
More articles from XML Journal
XML authoring and editing tools: characteristics and limitations., December 01, 2002
EPA simplifies multistate data exchange with XML: a pilot project. (Da..., December 01, 2002
Introduction to SALT: unleashing the potential. (SALT)., December 01, 2002
World Wide Web Consortium publishes XForms 1.0 as a W3C candidate reco..., December 01, 2002
NeoCore broadens XML connectivity through data junction alliance. (XML..., December 01, 2002
Looking for additional articles?
Search our database of over 3 million articles.
Looking for more in-depth information on this industry?
Search our complete database of Industry & Market reports by text, subject, publication
name or publication date.
About Goliath
Whether you're looking for sales prospects, competitive information, company
analysis or best practices in managing your organization,
Goliath can help you meet your business needs.
Our extensive business information databases empower business
professionals with both the breadth and depth of credible,
authoritative information they need to support their business
goals. Whether it be strategic planning, sales prospecting,
company research or defining management best practices -
Goliath is your leading source for accurate information.
|
|
