Internet and Wireless Security

A Selkirk
Over the past twenty years, there have been security standards created on a wide range of subjects, from constructing digital signatures to formalising access control mechanisms. Standards groups such as ISO [1] and the IETF [2] have constructed security protocols for solving common security problems involving communicating networked machines. Many of these standards are being reconstructed using XML as a syntax. Understanding why this process is taking place and why it is important is not easy. It requires an understanding of XML, a technology originally intended to solve certain Web browser issues. The positioning of XML as a key business technology necessitates security standards to safeguard transactions. Constructing these standards in XML allows better interoperability with application data. However, that is only part of the story XML can also be used to construct new security mechanisms with better functionality. This chapter explores XML, XML Signature, and the standards that are being constructed to make use of them.
The first two sections provide background history and a quick explanation of XML, which can be skipped over by those who already understand XML. The XML Signature [3] standard is presented in depth, explaining the novel features that it employs. The XML family of technologies includes many that are used by XML Signature (and the XML security protocols), such as XML Schema, XML Namespaces and XSLT. How XML can utilise encryption mechanisms is discussed.