Abstract :
XML schemas convey the data syntax and semantics for various application domains, such as business-to-business transactions, medical records, and production status reports. However, these schemas seldom address security issues, which can lead to a worst-case scenario of systems and protocols with no security at all. At best, they confine security to transport level mechanisms such as secure sockets layer (SSL). On the other hand, the omission of security provisions from domain schemas opens the way for generic security specifications based on XML document and grammar extensions. These specifications are orthogonal to domain schemas but integrate with them to support a variety of security objectives, such as confidentiality, integrity, and access control. In 2002, several specifications progressed toward providing a comprehensive standards framework for secure XML-based applications. The paper shows some of the most important specifications, the issues they address, and their dependencies.
Keywords :
Internet; data privacy; hypermedia markup languages; security of data; software standards; Security Assertion Markup Language; Web services security; XML; access control; data confidentiality; data integrity; domain schemas; grammar; secure sockets layer; standards; transport level mechanisms; Access control; Access protocols; Authentication; Markup languages; Permission; Public key; Security; Simple object access protocol; Web services; XML;
