Web Services Security Page By Symon Chang

This page will have some links and resources for the Web Services Server Security.

Web服務之安全技術及標準包括XML資料加密、XML 數位簽章、XKMS、SAML、WS-Security等等。

打造安全的電子交易機制

近來電子商務已成為全球熱門話題，並被各國政府及民間企業視為新世紀經濟運作主軸。美國各個市場調查及研究機構的研究及統計資料都一致認為電子商務交易的商機無窮，大有可為。如此龐大商機，早已吸引電信、金融、網路以及各大中小企業等各路人馬積極搶進。

雖然目前企業間電子商務的前景相當看好，但是究竟企業加入電子商務是否會成功，則要視許多基本因素來決定。其中，電子交易的安全問題是電子商務成長的一個重要因素。 全文詳見 . . . .

• XML Encryption -- XML 資料加密
• XML Digital Signature -- XML 數位簽章
• XKMS -- XML Key Management Specification
• SAML -- Security Assertion Markup Language
• SOAP Security
• ebXML Security
• Microsoft Web Services Security
• Articles about Web Services Security
• Java and other Security Standards Links
• What are Web Services? -- 什麼是Web服務？

Web Servcies Security

• W3C XML Encryption Specification, W3C Document
• XML Encryption Syntax and Processing, W3C Document
• Enabling XML security An introduction to XML encryption and XML signature, an IBM DeveloperWorks paper with coding examples.

• W3C XML Signature Specification, W3C Document
• Trusted Documents
• The status/design of XML Signatures and Encryption
• New Encryption and Decryption drafts
• Decryption Transform for XML Signature, W3C Document
• XMLDsig - Digital Signatures for XML Documents
• XML-Signature Syntax and Processing
• IAIK XML Signature Presentation

XML Key Management Specification is technology intended to help programmers easily add digital signatures and data encryption to their e-commerce applications.

XKMS標準將簡化授權、編碼和數位簽章等功能和網路應用程式的整合，以提昇網際網路的安全性。XMKS 藉著公用鑰匙結構(public key infrastructure)之產品與服務簡易地存取應用的開放架構，提供一個電子商務應用程式間廣泛互通的完整網路安全架構，並可與WSDL 及SOAP 兩項標準做完善的整合應用。

• XKMS: XML Key Management Specification Home Page
• XML Key Management Specification Draft version 1.1
• XKMS Spec at w3c.org
• Securing Web Services using the Java Platform and XML, a Java Developer Connection article. This article has XKMS Java coding sample.
• XML Key Management Specification Bulk Operation (X-BULK) Baltimore Technologies' extension to the XKMS
• Baltimore Technologies Releases XKMS X-BULK Specification for Digital Certificates
• WS Trust and XML Security Standards, a Web Services Security standard while paper from Entrust
• XML Strategy for Authorization, a while paper from Entrust
• XML Key Management XML Trust Services, white paper from VeriSign
• Are we eliminating complexity or transliterating it? Zolera XKMS Position Paper

Security Assertion Markup Language will authenticate people to make sure they are in fact who they say they are.

SAML的目的在於建立一分享使用者資訊與交易的共通語言及鼓勵透過多種平台之網站與Web服務的環境下進行的單一簽章。

• OASIS SAML and XACML
• Draft Documents Available for the Security Assertion Markup Language (SAML)
• OASIS's XACML Page
• XACML
• Netegrity's JSAML Toolkit Now Available Enables Rapid Deployment of SAML Solutions for the Secure Exchange of User Information Across Companies, Netegrity's press release.
• Security Services Markup Language (S2ML) v.0.8 Specification

• W3C SOAP Security Extensions
• Digital Signature for SOAP Messages
• SOAP Security Extensions

• ebXML Security
  • Technical Architecture Risk Assessment v1.0
  • Registry Security Proposal
• OASIS ebXML Collaboration Protocol Profile and Agreement , OASIS CPP/CPA Web Site

• Microsoft Global XML Web Services Architecture News GXA has four specifications -- WS-Security, WS-License, WS-Routing and WS-Referral. It builds on XML Web services technologies.
• Web Services Security Language(WS Security)
• WS-License Overview. WS-License describes a set of commonly used license types (credentials that are signed assertions) and describes how they can be placed within the WS-Security "credentials tag."
• Web Services License Language (WS-License) The spec.
• XML Web Services Security from Microsoft
• Building Secure Web Services with Microsoft

• Microsoft's press release on "opening up" Passport
• Microsoft's Q&A on "opening up" Passport
• Microsoft to open up Passport to rivals (Network World)
• Microsoft Plans to Open Passport (Internet Week)

• XML and Security By CTO of Vordel 12/2001. This article describes a selection of these initiatives: the W3C's recent XML Signature specification and its relationship to SOAP, the OASIS SAML initiative, and XKMS. Together, these initiatives are setting in place the infrastructure that will allow XML to travel safely between enterprises.
• Web services insider, Part 9: Digging into the issues -- Security and Privacy IBM's Web Services articles
• Enabling XML security, an introduction to XML encryption and XML signature from IBM
• The XML Security Suite: Increasing the security of e-business IBM's solution with coding example.
• Special Report: The Language Of XML Security Network Magazine 06/05/01
• Vendors jostling over XML security specs
• Getting serious about Web security (InfoWorld)
• Startup looks to provide security, reliability for Web services (InfoWeek)
• Securing Web services using the Java platform and XML (Java Developer)
• Web Services Trust (Entrust)

• Identrus
• Java Cryptography Architecture Spec.
• How to Implement a Provider for the JavaTM Cryptography Extension 1.2.1
  • An Overview of Cryptography in Java, Part 4: Permissions, Documentation, and Export Issues
• Java Cryptography Architecture (JCA) API Specification & Reference
• Java Cryptography Extension (JCE) 1.2.1 API Specification & Reference

Delegated Path Validation and Delegated Path Discovery DPV/DPD protocols can improve certificate validation.

• Delegated Signature Validation, Delegated Path Validation and Delegated Path Discovery Protocol Requirements
• Internet Draft for Delegated Path Validation and Delegated Path Discovery Text version.
• PKIX Working Group Deveolped DPV/DPD

• XML Security from XML.org This site has links for artilces, standards, toolkits, etc.
• XML Security Page by University of Siegen This sites has links of new Web Services Security articles.

歡迎對本站內容提出您的寶貴意見， E-mail: symonchang@earthlink.net