XML Security

5a5433971a5d2.jpg Author Blake Dournaee
Isbn 9780072193992
File size 3.8MB
Year 2002
Pages 379
Language English
File format PDF
Category Security

Book Description:

The above book is full of information with regards to XML Security and it's implementations. However, I found it to be VERY application oriented towards RSA's own Bsafe product Cert-J.

If you are interested in utilizing a C or C++ parser you should look for a different book. But, if you will be developing and/or utilizing XML via a Java-based program; this is definitly the book for you.

Given the fact that XML is a key component of web services, and extensively used in e-commerce and enterprise applications integration, this book addresses a genuinely important topic. For one reason, XML is text-based and can expose proprietary information, which is a vulnerability for competitive intelligence specialists and corporate spying.
Before going into what the book contains it's important to know that much of the material is based on RSA's view of the security. This isn't a criticism, but an up-front statement of fact because if you're looking for a book that is 100% vendor neutral you are going to have to wait until one is written - this is the only book I know of that is solely about XML security.
The book starts with primers on security and XML to set the context. It then covers, in succession, digital signatures (chapters 4, 5 and 6), and XML encryption. These chapters are consistent with work and specifications produced by XML Signature WG (joint the Working Group IETF and W3C for digital signatures) and the W3C working group for XML Encryption.
Chapter 8 is specific to RSA products. It shows how to implement XML encryption using RSA BSAFE© Cert-J, which can be downloaded in a trial version from RSA's website. Chapter 9 covers XML key management specification, which are consistent with the W3C working group's specifications, and how XML security relates to web services.
Despite the slight bias towards RSA this book is an invaluable reference. It provides an in-depth discussion of major security issues, as well as how they are being addressed by the W3C. It goes without saying that anyone who is responsible for system architecture, design and/or security should carefully read this book.


Download (3.8MB)

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *