Ask the Expert

A few questions regarding XML security...

I have few questions regarding XML security:
1.What

    Requires Free Membership to View

is the relationship between WS-security and SAML? Do you think that eventually these two standards will become one?

2.What is the relationship between XML encryption, XML signature and SAML/WS-security?

Are XML encryption and XML signature a subset of the two other?

3.Can SAML and WS-Security work together?

4.Are there any other important XML security standards out there except XML encryption, XML signature, (XKMS) XML key management specifications, WS-Security, SAML and XACL for access control?


All the questions you ask are good questions to which I (and I suggest I am not alone) do not have the answers. The whole security arena is quite fragmented and volatile at the moment. This is not helped by the fact that security on the Internet at large is an unsolved problem. XML or no XML, there is no consensus as to how to achieve non-repudiation for example - a vital component of transactional processes on the Internet.

The Halcyon days of PKI as a solution to these problems seem long gone - not necessarily for technical reasons. I suspect things will get worse before they get better in the XML security space.

This was first published in July 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: