From the Back Cover
Extensible Markup Language (XML) is the environment of choice for creating many of today's technologically sophisticated and security-sensitive Web applications. With Secure XML, developers now have the hands-on guide they need to combine a strong foundation in XML with proven, practical techniques for enabling the secure transmission of data across the Web.
Broad-based and comprehensive, Secure XML fully documents every feature and issue involved with XML security. Opening with a complete introduction to XML, the book then provides detailed coverage of authentication, canonicalization, keying, encryption, algorithms, and more. Notes, background information, guidelines, and "soapbox," or heretical comments, expand on the book's practical focus throughout. In all, this book features the most comprehensive roadmap to digital security and XML encryption available.
Topics covered in-depth include:
- XML basics—documents, namespaces, structures, DTDs and schemas, and stylesheets
- XPath, XPointer, and SOAP
- Digital cryptography basics--secret and public key ciphers, asymmetric keys, digital signatures, and certificates
- XML canonicalization, signatures, and authentication
- XML encryption
- Key management and combining encryption with signatures
- Cryptographic algorithms and noncryptographic algorithms
Detailed and practical, this book provides reliable solutions for securing XML and for safeguarding information flow across today's sophisticated Web.
About the Author
Donald E. Eastlake III, is the co-chairman of the joint IETF/W3C XML Digital Signature working group, a member of the W3C Encryption and W3C XML Key Management System working groups, and co-author of the XML Digital Signature, XML Encryption, and XML Exclusive Canonicalization standards. He has been deeply involved in network and financial transaction security for many years with IBM, CyberCash, and Digital Equipment Corporation, and is now at Motorola as a Distinguished Member of Technical Staff. He was the principal author of the current IETF Domain Name System security standard and is chairman of the e-Commerce oriented IETF TRADE working group. He has four patents.
Earlier efforts in his three decades of work with computer technology include contributions to the Greenblatt Chess Program at MIT, the first computer program to plan chess in tournament competition and be granted a chess rating, and project management of the Data Computer at Computer Corporation of America, the first general purpose terabit data management system on the Internet.
Kitty Niles is a freelance technical writer. She was previously a technical writer and online help designer and developer at Digital Equipment Corporation and Process Software Corporation. Her more than two decades of involvement with computer technology have included numerous Digital and Society of Technical Communications documentation awards. Her background includes paleobotany research, medical and environmental research, teaching, and technical illustrating. She is a member of the New York Academy of Sciences (NYAS), the HTML Writers Guild, the Society of Technical Communications, and assorted environmental and conservation groups.