DocumentCode
3387825
Title
XML Security beyond XSLT
Author
Farzaneh, Kayvan ; Doroodchi, Mahmood
Author_Institution
IR Telecom Res. Center, IR & Cardinal Stritch Univ., Milwaukee, WI
fYear
2006
fDate
Nov. 2006
Firstpage
1
Lastpage
5
Abstract
Extensible Markup Language (XML) is the \´love-child" of the World Wide Web Consortium (W3C). XML is expected to facilitate Internet B2B messaging because of its simplicity and flexibility. One big concern that customer may have in doing Internet B2B messaging is security. Therefore considering some security features in XML such as element-wise encryption, digital signature and access control that are beyond the capability of the transport-level security protocol such as SSL is of interest. We describe some access control model for XML documents and then perform some cryptographic transformations on it. For this reason, XSLT (Extensible Stylesheet Language Transformations) may well have sufficient functionality to perform all reasonable cryptographic transformations. We examine this question by describing a real world XML application whose security requirements are more complex than for a simple document; proposing an access control model using XML document, we present encryption operation in the document using XSLT; and identify the constraints and those features of XSLT which must be applied to meet the application requirements and then we examine "extension functions" as a solution to enhance the abilities of XSLT. We conclude that XSLT is only adequate in the proposed scenario and trying to extract additional functionality, such as the application of an encryption algorithm, leads to unacceptable complexity and constrains the ways in which documents can be encrypted
Keywords
XML; authorisation; cryptography; Extensible Markup Language; Extensible Stylesheet Language Transformations; Internet B2B messaging; XML documents; XML security; access control model; cryptographic transformation; digital signature; element-wise encryption; Access control; Access protocols; Cryptographic protocols; Cryptography; Digital signatures; Internet; Security; Transport protocols; Web sites; XML; XML; XSLT; security;
fLanguage
English
Publisher
ieee
Conference_Titel
Innovations in Information Technology, 2006
Conference_Location
Dubai
Print_ISBN
1-4244-0674-9
Electronic_ISBN
1-4244-0674-9
Type
conf
DOI
10.1109/INNOVATIONS.2006.301953
Filename
4085468
Link To Document