XML-Signature Syntax and Processing

Eastlake, rd D.; Reagle, J.; Solo, D.

doi:10.17487/rfc3075

Cited by 179 publications

(143 citation statements)

References 0 publications

Supporting

Mentioning

124

Contrasting

Unclassified

Order By: Relevance

“…For instance, our description of canonicalization is not meant to replace the work of the XML Digital Signature initiative [5]; rather, it is meant to provide a higher-level framework in which to ground the XML-specific canonicalization. We envision this framework serving two purposes: as a bridge between data formalisms, and an abstraction away from them.…”

Section: Discussionmentioning

confidence: 99%

“…A well-known current example of canonicalization involves XML documents and digital signatures [5,19,20]. The problem stems from the fact that every XML document has many different encodings as a concrete sequence of bytes.…”

Section: Canonicalizationmentioning

confidence: 99%

“…One can investigate canonicalization and transformation within one of these formalisms. The W3C, for instance, has developed solutions to both within the context of XML [5,6]. However, these data equivalence issues are problems with data in general, and cross formalism boundaries.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Towards a Fully Generic Theory of Data

Creager

Simpson

2006

Formal Methods and Software Engineering

View full text Add to dashboard Cite

Abstract. Modern software systems place a large emphasis on heterogeneous communication. For disparate applications to communicate effectively, a generic theory of data is required that works at the interapplication level. The key feature of such a theory is full generality, where the data model of an application is not restricted to any particular modeling formalism. Existing solutions do not have this property: while any data can be encoded in terms of XML or using the Semantic Web, such representations provide only basic generality, whereby to reason about an arbitrary application's data model it must be re-expressed using the formalism in question. In this paper we present a theory of data which is fully generic and utilizes an extensible design to allow the underlying formalisms to be incorporated into a specification only when necessary. We then show how this theory can be used to investigate two common data equivalence problems -canonicalization and transformation -independently of the datatypes involved.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Canonicalizationmentioning

confidence: 99%

See 1 more Smart Citation

Towards a Fully Generic Theory of Data

Creager

Simpson

2006

Formal Methods and Software Engineering

View full text Add to dashboard Cite

show abstract

“…The industry standard WS-Security [14] offers application level security as an extension to SOAP [15]. It defines how to integrate various XML Security concepts as XML Signature [17], XML Encryption [8] or the Security Assertion Meta Language (SAML) [18] into SOAP.…”

Section: Web Services Security (Ws Security)mentioning

confidence: 99%

A Flexible and Secure Web Service Architectural Model Based on PKI and Agent Technology

Khemakhem¹,

Rekik²,

Fayolle³

2010

IJI

View full text Add to dashboard Cite

show abstract

“…• x|y denotes either x or y For encoding binary data or large numbers, we use base64 encoding in the same fashion as XML-Signature [11].…”

Section: Xml Encodingmentioning

confidence: 99%

Public key distribution through "cryptoIDs"

Perrin¹

2003

Proceedings of the 2003 Workshop on New Security Paradigms

View full text Add to dashboard Cite

In this paper, we argue that person-to-person key distribution is best accomplished with a key-centric approach, instead of PKI: users should distribute public key fingerprints in the same way they distribute phone numbers, postal addresses, and the like. To make this work, fingerprints need to be small, so users can handle them easily; multipurpose, so only a single fingerprint is needed for each user; and long-lived, so fingerprints don't have to be frequently redistributed. We show how these qualities can be achieved with simple and well-understood techniques. The chief technique is for each user to store a root key in a highly secure environment and use it to certify subkeys for use in more convenient environments. Certificate formats like X.509, PGP, and SPKI could be used for this, but we argue that a format designed expressly for this could do a better job; thus we design the cryptoID certificate format.

show abstract

XML-Signature Syntax and Processing

Cited by 179 publications

References 0 publications

Towards a Fully Generic Theory of Data

Towards a Fully Generic Theory of Data

A Flexible and Secure Web Service Architectural Model Based on PKI and Agent Technology

Public key distribution through "cryptoIDs"

Contact Info

Product

Resources

About