- Information Security In General
- Securing XML Documents: XML Signature, XML Encryption
- Applying XML Security to Web Services: Web Services Security
- Using XML and Web Services for Security
Using XML and Web Services for Security
So far, this article discussed how to secure XML and Web services. XML and Web services can also be applied to simplify security solutions. For example, XML's flexibility and extensibility present an interesting opportunity to design languages for expressing complex security statements, such as authorization statements and access control policy statements. Security Assertion Markup Language (SAML) and XML Access Control Markup Language (XACML) are attempts to capture such opportunities.
The promise of simplicity and interoperability of Web services is another opportunity for security. XML Key Management Systems (XKMS) is a specification that aims to use Web services to simplify the use of public key infrastructure (PKI). PKI consists of a set of sophisticated protocols for managing digital certificatesregistering, issuing, retrieving, verifying, and revoking them. It is not easy to properly operate such an infrastructure. Remember that Web services is a technology that enables the outsourcing of non-core business processes, so it is quite natural to "wrap" a PKI as a Web service to hide the inherent complexity of PKI and provide it as a service.
We expect many more uses of Web services for security and trust functions in the future. A few examples are payment services, identity and personalization services, time-stamping and notary services, and rating services. XML security and Web services security technologies will accelerate the adoption of these services.