Secure XML: The New Syntax for Signatures and Encryption [Paperback]

Donald E. Eastlake (Author), Kitty Niles (Author)

Book Description

Publication Date: July 19, 2002

As XML is more broadly used in both web sites and business applications, the need to insure security of XML based applications grows. Most books on XML have at best a chapter devoted to security issues, and there is only one other book currently on the market devoted exclusively to XML Security. This book will show developers all they need to know about how to use XML Digital Signatures to protect the integrity and authenticity of data, and how to use XML Encryption to control its confidentiality. The lead author is at the center of the IETF and W3C working groups formalizing the standards, so there is no one better qualified to write about them. The book will also appeal to networking/security professionals who need to start dealing with the impact of XML on network security.

Editorial Reviews

From the Back Cover

Extensible Markup Language (XML) is the environment of choice for creating many of today's technologically sophisticated and security-sensitive Web applications. With Secure XML, developers now have the hands-on guide they need to combine a strong foundation in XML with proven, practical techniques for enabling the secure transmission of data across the Web.

Broad-based and comprehensive, Secure XML fully documents every feature and issue involved with XML security. Opening with a complete introduction to XML, the book then provides detailed coverage of authentication, canonicalization, keying, encryption, algorithms, and more. Notes, background information, guidelines, and "soapbox," or heretical comments, expand on the book's practical focus throughout. In all, this book features the most comprehensive roadmap to digital security and XML encryption available.

Topics covered in-depth include:

• XML basics—documents, namespaces, structures, DTDs and schemas, and stylesheets
• XPath, XPointer, and SOAP
• Digital cryptography basics--secret and public key ciphers, asymmetric keys, digital signatures, and certificates
• XML canonicalization, signatures, and authentication
• XML encryption
• Key management and combining encryption with signatures
• Cryptographic algorithms and noncryptographic algorithms

Detailed and practical, this book provides reliable solutions for securing XML and for safeguarding information flow across today's sophisticated Web.

0201756056B06262002

About the Author

Donald E. Eastlake III, is the co-chairman of the joint IETF/W3C XML Digital Signature working group, a member of the W3C Encryption and W3C XML Key Management System working groups, and co-author of the XML Digital Signature, XML Encryption, and XML Exclusive Canonicalization standards. He has been deeply involved in network and financial transaction security for many years with IBM, CyberCash, and Digital Equipment Corporation, and is now at Motorola as a Distinguished Member of Technical Staff. He was the principal author of the current IETF Domain Name System security standard and is chairman of the e-Commerce oriented IETF TRADE working group. He has four patents.

Earlier efforts in his three decades of work with computer technology include contributions to the Greenblatt Chess Program at MIT, the first computer program to plan chess in tournament competition and be granted a chess rating, and project management of the Data Computer at Computer Corporation of America, the first general purpose terabit data management system on the Internet.

Kitty Niles is a freelance technical writer. She was previously a technical writer and online help designer and developer at Digital Equipment Corporation and Process Software Corporation. Her more than two decades of involvement with computer technology have included numerous Digital and Society of Technical Communications documentation awards. Her background includes paleobotany research, medical and environmental research, teaching, and technical illustrating. She is a member of the New York Academy of Sciences (NYAS), the HTML Writers Guild, the Society of Technical Communications, and assorted environmental and conservation groups.

0201756056AB05292002

See all Editorial Reviews

Product Details

• Paperback: 560 pages
• Publisher: Pearson Education; 1st edition (July 19, 2002)
• Language: English
• ISBN-10: 0201756056
• ISBN-13: 978-0201756050
• Product Dimensions: 9.2 x 7.3 x 1 inches
• Shipping Weight: 1.8 pounds
• Average Customer Review: 5.0 out of 5 stars  See all reviews (8 customer reviews)
• Amazon Best Sellers Rank: #2,085,942 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

34 of 35 people found the following review helpful:

5.0 out of 5 stars XML and cryptography?, October 6, 2002

By 

W Boudville (Terra, Sol 3) - See all my reviews
(VINE VOICE)    (TOP 1000 REVIEWER)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Secure XML: The New Syntax for Signatures and Encryption (Paperback)

Suppose you have XML data that you want to regularly
send to Bob, across the Internet. But it is of a
confidential nature, so you don't want to send it as
plaintext. Well, you can try using low level
encryptions, like SSL or TLS. But these don't give any
authentication, ie. Bob can't tell that you actually
sent them. Also, once Bob gets the messages, they are
all in plaintext, so he can't easily protect these
against others, if he is on a multiuser computer.

One answer is to incorporate encryption into XML, by
defining cryptographic standards that sit atop XML,
and generate XML documents with encrypted data. These
let you and Bob use powerful XML-based routines like
XPath, XLink and XPointer. Plus, you can now do things
like append your digital signature to your plaintext
file, encrypt the combination with Bob's public key,
and get a resultant XML document that you can send
Bob. Upon receipt, he can decrypt it and verify that
you are the author, all the while dealing with XML
documents.

This book explains the emerging XML standards that
make this possible. They discuss at a high level the
various cryptographic algorithms, like AES [Advanced
Encryption Standard], Diffie-Hellman and MD5. Little
mathematics is needed, as they leave the mechanics of
the algorithms to other books. Instead, they describe
the XML infrastructure that uses these.

The book has a necessarily comprehensive description
of canonicalisation; which refers to the rewriting of
an XML document in a standard form, prior to
encryption. Otherwise two semantically identical
documents would give different ciphertexts, which is
confusing.

If you have been wondering if you should encrypt your
XML documents, and how to do so, this book may clarify
many issues.

18 of 18 people found the following review helpful:

5.0 out of 5 stars Get help in designing secure XML applications, August 8, 2002

By 

Darshan Singh (Schaumburg, IL United States) - See all my reviews

This review is from: Secure XML: The New Syntax for Signatures and Encryption (Paperback)

The book Secure XML is an authoritative guide to learn about XML and issues involved with XML security. This book is organized and written to help you understand, design and develop secure XML applications.

The book is divided into 6 parts. The first part introduces the XML and the world of digital cryptography. The next section in the book makes sure you know all the necessary details on XML and family of standards. The second part covers XML basics, Namespaces, DTDs, Schemas, XPath, XPointer and SOAP.

The next four parts focus on XML security related details, covering XML digital signatures, XML encryption, and XML canonicalization. Part III deals with authentication - that is digital signatures, message authentication codes, etc. Part IV talks about XKMS (XML Key Management System) and illustrates implementing cryptographic security using keys. Part V discusses XML Encryption in great detail. And finally, the part VI presents various cryptographic and non-cryptographic algorithms.

In summary, this is a perfect book that provides reliable solutions for securing XML and for safeguarding information flow across today's sophisticated Web.

17 of 17 people found the following review helpful:

5.0 out of 5 stars For an executive novice, this book shines, March 17, 2003

By A Customer

This review is from: Secure XML: The New Syntax for Signatures and Encryption (Paperback)

In researching business requirements for enterprise web services, it soon became obvious that XML security would be an important issue.

I happened across this book, with a seemingly simple format and am impressed with the information it provides, the progression of information, and how well I was able to understand and comprehend the concepts detailed.

After reading serveral books on XML in general, I would recommend this book to anyone just wanting to learn XML concepts.

I wish more technical books gave me the same feeling of usefulness that this one gave me.

As they say in the movie industry... "An enthusiastic thumbs up"