- Get familiar with the basic W3C Recommendations for XML encryption, digital signatures, and Canonical XML.
- The Organization for the Advancement of Structured Information Standards (OASIS) maintains several security standards. Check out their site for numerous links to articles and standards documents.
- Extensible Access Control Markup Language (XACML) is an OASIS standard for expressing XML policies for information access over the Internet.
- XML Key Management Specification (XKMS) is a W3C standard for XML key management.
- Security Assertion Markup Language (SAML) is an OASIS XML-based framework for creating and exchanging security information between online partners.
- Harold Lockhart provides a good summary of OASIS standards in his article "Demystifying Security Standards."
- Bruce Schneier is a security guru who has written extensively on security-related matters. Check out his Crypto-Gram newsletter.
- To defend against attacks, you need to put yourself in the place of the attacker. Jim Whittaker provides valuable insights in his book How to Break Web Software: Functional and Security Testing of Web Applications and Web Services.
- For a techno-thriller novel with some highly technical descriptions of code breaking and information security, check out Neal Stephenson's Cryptonomicon (Avon, 2002). With a cast of characters that includes Alan Turing, Isoroku Yamamoto, and Karl Dönitz, you can't go wrong.