XML Security Standards
XML’s widespread adoption in all aspects of Internet commerce means that the essential ingredients of all electronic security systems—data integrity, authentication, and confidentiality—must be supported. XML security is addressed by a family of standards designed to help developers build secure XML-based applications. Figure 2 shows several of the major XML security standards and how they relate to the overall XML security picture.
Figure 2. The XML family of security standards.
The core XML standards related to encryption and digital signatures are maintained by the W3C. Other standards such as Security Assertion Markup Language (SAML) and Extensible Access Control Markup Language (XACML) are maintained by OASIS, a nonprofit consortium that drives the development of eBusiness standards.
In this article, the focus will be on XML digital signature and XML encryption, the two foundational standards that support the three pillars of security—data integrity, authentication, and confidentiality.