Abstract:
XML and Web services are widely used in current distributed systems. The security of XML-based communication, and of the Web services themselves, is of great importance to the overall security of these systems. Furthermore, to facilitate interoperability, the security mechanisms should preferably be based on established standards. In this paper we provide a tutorial on current security standards for XML and Web services. The discussed standards include XML Signature, XML Encryption, the XML Key Management Specification (XKMS), WS-Security, WS-Trust, WS-SecureConversation, Web Services Policy, WS-SecurityPolicy, the eXtensible Access Control Markup Language (XACML), and the Security Assertion Markup Language (SAML).
Keywords:
Web services; XML; cryptography; digital signatures; open systems; Security Assertion Markup Language; WS-SecureConversation; WS-Trust; Web services policy; Web services security standard; XML encryption; XML key management specification; XML security standard; XML signature; distributed system; eXtensible Access Control Markup Language; interoperability; Access control; Communication system security; Cryptography; Digital signatures; Information security; Markup languages; Service oriented architecture; Simple object access protocol; Security; SOA; distributed systems