There's a growing body of XML-related security work underway, pieces and parts of which I've covered in previous tips in this series. Wishing for a single, coherent narrative that describes all of them in one place, I optimistically typed "XML Security tutorial" into my favorite search engine to see what popped up. The lone result (though there are plenty of other good resources on this subject) is the topic of this week's tip.
Vordel is a Web and XML services security company based in Ireland, with a strong UK and US presence. Its tutorial on XML security is a pretty useful document, and a worthy starting point for anyone interested in exploring this fascinating subject. You'll find the following subjects covered in this document:
- XML Signatures
- XML Encryption
- XML Key Management Specification (XKMS)
- XML Key Information Service Specification (X-KISS)
- XML Key Registration Service Specification (X-KRSS)
- Security Assertion Markup Language (SAML)
- Extensible Access Control Markup Language (XACML)
The explanations are simple, direct, and easy to follow, which is great for getting somebody started down the road toward understanding important work underway on XML security topics.
That said, it's equally important to ask "What's missing from this document?" I could go on at length about this, but without dinging its useful content in any way, the short answer is "Context and pointers." Acronyms are used without expansion or explanation, and nowhere will you find links to related specifications, articles, and so forth. Fortunately, Robin Cover's wonderful "Cover Pages" Web site can remedy these lacks in a heartbeat (for those not already in the know, this site is one of the great resource treasure troves in the XML world, and should be included in any serious markup professional's favorites or bookmark lists). I found the combination of the Vordel piece, and the search function on Cover's site was able to produce immediate acronym expansions and pointers to relevant standards, specficiations, working papers, and so forth just by cutting from the Vordel piece and pasting into the search window in the Cover site. Talk about "the whole is greater than the sum of its parts!"
For those interested in learning more on this topic, or in getting others started down that road, this combination is nearly unbeatable, and downright informative. Enjoy!
Ed Tittel is a principal at LANWrights, Inc., a wholly owned subsidiary of LeapIt.com. LANWrights offers training, writing, and consulting services on Internet, networking, and Web topics (including XML and XHTML), plus various IT certifications (Microsoft, Sun/Java, and Prosoft/CIW).
