2.What is the relationship between XML encryption, XML signature and SAML/WS-security?
Are XML encryption and XML signature a subset of the two other?
3.Can SAML and WS-Security work together?
4.Are there any other important XML security standards out there except XML encryption, XML signature, (XKMS) XML key management specifications, WS-Security, SAML and XACL for access control?
All the questions you ask are good questions to which I (and I suggest I am not alone) do not have the answers. The whole security arena is quite fragmented and volatile at the moment. This is not helped by the fact that security on the Internet at large is an unsolved problem. XML or no XML, there is no consensus as to how to achieve non-repudiation for example - a vital component of transactional processes on the Internet.
The Halcyon days of PKI as a solution to these problems seem long gone - not
necessarily for technical reasons. I suspect things will get worse before
they get better in the XML security space.
This was first published in July 2002