perfectxml.com
 Basic Search  Advanced Search   
Topics Resources Free Library Software XML News About Us
  You are here: home Info Bank Book Reviews » Secure XML: The New Syntax for Signatures and Encryption Tuesday, 14 August 2007
Book Review: Secure XML: The New Syntax for Signatures and Encryption
The book Secure XML is an authoritative guide to learn about XML and issues involved with XML security. This book is organized and written to help you understand, design and develop secure XML applications.

The book is divided into 6 parts. The first part introduces the XML and the world of digital cryptography. The next section in the book makes sure you know all the necessary details on XML and family of standards. The second part covers XML basics, Namespaces, DTDs, Schemas, XPath, XPointer and SOAP.

The next four parts focus on XML security related details, covering XML digital signatures, XML encryption, and XML canonicalization. Part III deals with authentication that is digital signatures, message authentication codes, etc. Part IV talks about XKMS (XML Key Management System) and illustrates implementing cryptographic security using keys. Part V discusses XML Encryption in great detail. And finally, the part VI presents various cryptographic and non-cryptographic algorithms.

In summary, this is a perfect book that provides reliable solutions for securing XML and for safeguarding information flow across today's sophisticated Web.

Get this book now!



100%   (9 votes)

Would you recommend this book? :    Yes   No    
Additional Book Information

Publisher:    Addison-Wesley
ISBN #:    0201756056
Authors:    Donald E. Eastlake, Kitty Niles
Publish Date:    July 2002
Code:   
Errata:   
Online Discussions:   

Sample Chapter on perfectxml.com


Buy this book online

BookPool:    $27.95
Amazon:    $31.49
Fatbrain:    $31.49
Barnes & Noble:    $31.49
Chapters.ca:    $69.99

Summary of Contents

I. Introduction.

1. XML and Security.
XML.
Need for Secure XML.
Status of XML Security Standardization.
Work in Progress.

2. Digital Cryptography Basics.
Message Digests.
Message Authentication Code.
Secret or Symmetric Key Ciphers.
Public or Asymmetric Key Ciphers.
Asymmetric Keys and Authentication.
Digital Signatures.
Certificates.
Enveloped Encryption.
Canonicalization.
Randomness.
Other Facets of Security.
Cryptography is a Subtle Art.

II. XML BASICS.


3. The Extensible Markup Language.
Related Standards and Recommendations.
XML Documents.
XML Document Structure.
XML Document Logical Structure.
XML Namespaces.
XML Document Physical Structure.
XML and Stylesheets.

4. XML Document Type Definitions.
Introduction to DTDs.
Document Type Declaration.
Element Type Declarations.
Defining Attributes in DTDs.
Entity Reference Declarations.
Notation Declarations.

5. XML Schemas.
Overview.
Types.
Elements and Attributes.
Namespaces.
Miscellaneous.

6. XPath, a Basic Building Block.
Introduction.
Data Model.
Location Paths.
Expressions.
Function Library.

7. URIs, xml:base, and Xpointer.
URIs.
xml:base.
XPointer.

8. SOAP.
Introduction to SOAP.
SOAP Envelope, Message Exchange, and Processing Model.
SOAP Encoding.
SOAP Transport Binding and HTTP.
SOAP Remote Procedure Call.

III. CANONICALIZATION & AUTHENTICATION.


9. XML Canonicalization, the Key to Robustness.
Canonicalization, Essential for Signatures Over XML.
Canonical XML and XML Encryption.
Transformative Summary.
The XML Canonicalization Data Model.
Formal Generative Specification.
Limitations of XML Canonicalization.

10. XML Signatures and Authentication.
Introduction to XML Digital Signatures.
XML Signature Syntax.
XML Signature Examples.
Transforms and the Use of XPath.
Processing Rules.
Security of Signatures.

11. Profiling XMLDSIG for Applications.
P3P XMLDSIG.
SOAP XMLDSIG.

12. ETSI “Advanced” XML Signatures.
Levels of XAdES Siganture.
XAdES Signature Syntax Basics.
XAdES Signature Elements Syntax.
Validation Data Syntax.

IV. KEYING.


13. The KeyInfo Element.
The KeyValue Element.
The EncryptedKey Element.
The RetrievalMethod Element.
The AgreementMethod Element.
The KeyName Element.
The X509Data Element.
The PGPData Element.
The SPKIData Element.
The MgmtData Element.

14. XML Key Management.
The Key Information Service.
XKMS Common Data Elements.
The Key Registration Service.
XKMS Cryptographic Algorithms.
Security Considerations.

V. ENCRYPTION.


15. XML Encryption.
Introduction to XML Encryption.
XML Encryption Syntax.
Encryption Examples.
Processing Flow.
Encryption Security Considerations.

16. Combining Encryption and Signature.
General Considerations.
The Decryption Transform.

VI. ALGORITHMS.


17. Overview of Algorithms.
Algorithm Syntax.
Algorithm Roles.

18. Cryptographic Algorithms.
Message Digests.
Key Agreement Algorithms.
Message Authentication Codes.
Signature Algorithms.
Block Encryption Algorithms.
Stream Encryption Algorithms.
Key Transport Algorithms.
Symmetric Key Wrap Algorithms.

19. Non-Cryptographic Algorithms.
Canonicalization Algorithms.
Transformation Algorithms.

VII. APPENDIXES.


Appendix A. XML Security Implementations.
Appendix B. The W3C and W3C Documents.
Appendix C. The IETF and IETF Documents.
Appendix D. The NIST and NIST Documents.
Appendix E. The Paper versus Protocol Points of View.
Appendix F. SOAP Encoding Schema.
References and Acronyms.
  Contact Us | E-mail Us | Site Guide | About PerfectXML | Advertise ©2004 perfectxml.com. All rights reserved. | Privacy