[26] </Signature>

The signature element now encompasses the whole order, and the ticket elements is now embedded within it (lines 16 to 24 ). We have now encrypted the credit card details that were between lines 7 to 11 of the previous listing. The Transform element on line 6 to 10, indicates that there are two transform references. The first, decryption (in lines 6 to 8) and canonizations (in line 9). The Decryption Transform, decrypts all the data, except for that on line 7, “enc1”, as specified in the DataReference element. Once this decryption in the EncryptedData element has taken place, the signature is verified. This signature verification information is in the signature value element.

Other security specifications

XML security is still inadequate, and has some way to go before it will be fully accepted. The other specifications that have been raised to address various issues are:

￿SAML :Security Assertion Markup Language - "XML security standard for exchanging authentication and authorization information."

￿XACML : eXtensible Access Control Markup Language - A language used for define rules and access privileges for XML documents.

￿XKMS : W3C’s XML Key Management Specification published in March 2001. This document specifies protocols for distributing and registering public keys

Visit following Web sites to read more details.

W3C Signature Work Group at:

http://www.w3.org/Signature

W3C Decryption Transform for XML Signature at:

http://www.w3.org/TR/xmlenc-decrypt

Enabling XML Security: An Introduction to XML encryption and XML Signature by Murdoch Mactaggart at:

http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.h tml

2.8 XML query language

In February 2001, W3C published a working draft for the XML query language. In April 2002, another working draft was published. These papers had heavy IBM involvement. When the publication is a working draft, it can be updated, replaced

40 The XML Files: Development of XML/XSL Applications Using WebSphere Studio

Page 56
Image 56
IBM Version 5 manual XML query language, Other security specifications