• DocumentCode
    3387825
  • Title

    XML Security beyond XSLT

  • Author

    Farzaneh, Kayvan ; Doroodchi, Mahmood

  • Author_Institution
    IR Telecom Res. Center, IR & Cardinal Stritch Univ., Milwaukee, WI
  • fYear
    2006
  • fDate
    Nov. 2006
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    Extensible Markup Language (XML) is the \´love-child" of the World Wide Web Consortium (W3C). XML is expected to facilitate Internet B2B messaging because of its simplicity and flexibility. One big concern that customer may have in doing Internet B2B messaging is security. Therefore considering some security features in XML such as element-wise encryption, digital signature and access control that are beyond the capability of the transport-level security protocol such as SSL is of interest. We describe some access control model for XML documents and then perform some cryptographic transformations on it. For this reason, XSLT (Extensible Stylesheet Language Transformations) may well have sufficient functionality to perform all reasonable cryptographic transformations. We examine this question by describing a real world XML application whose security requirements are more complex than for a simple document; proposing an access control model using XML document, we present encryption operation in the document using XSLT; and identify the constraints and those features of XSLT which must be applied to meet the application requirements and then we examine "extension functions" as a solution to enhance the abilities of XSLT. We conclude that XSLT is only adequate in the proposed scenario and trying to extract additional functionality, such as the application of an encryption algorithm, leads to unacceptable complexity and constrains the ways in which documents can be encrypted
  • Keywords
    XML; authorisation; cryptography; Extensible Markup Language; Extensible Stylesheet Language Transformations; Internet B2B messaging; XML documents; XML security; access control model; cryptographic transformation; digital signature; element-wise encryption; Access control; Access protocols; Cryptographic protocols; Cryptography; Digital signatures; Internet; Security; Transport protocols; Web sites; XML; XML; XSLT; security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Innovations in Information Technology, 2006
  • Conference_Location
    Dubai
  • Print_ISBN
    1-4244-0674-9
  • Electronic_ISBN
    1-4244-0674-9
  • Type

    conf

  • DOI
    10.1109/INNOVATIONS.2006.301953
  • Filename
    4085468