XML Security Tutorial

XML Security Tutorial

This tutorial is sponsored by:

Securing XML is an essential element in keeping Web services secure. Created in partnership with our sister site,

Requires Free Membership to View

Login

When you register, you'll begin receiving targeted emails from my team of award-winning writers. Our goal is to keep you informed on recent service-oriented architecture (SOA) and SOA-related topics such as integration, governance, Web services, Cloud and more.

Hannah Smalltree, Editorial Director

By submitting your registration information to SearchSOA.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSOA.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

SearchSecurity.com, this SearchSOA.com Tutorial is a compilation of resources that review different types of XML security standards and approaches for keeping your XML Web services secure.

TABLE OF CONTENTS

   XML Security Key Terms and Definitions
   Introduction to XML Security
   OASIS
   WS-Security
   SAML
   XML Signatures & Encryption
   XML Firewalls
   More Learning Guides

XML Security Key Terms and Definitions

Return to Table of Contents

Security Assertion Markup Language (SAML) (SearchSecurity.com Glossary)
Authentication (SearchSecurity.com Glossary)
Authorization (SearchSecurity.com Glossary)
Digital signature (SearchSecurity.com Glossary)
SOAP (Simple Object Access Protocol)(SearchWebservices.com Glossary)
Algorithm (SearchSecurity.com Glossary)
Extensible Access Control Markup Language (XACML) (SearchSecurity.com Glossary)
Organization for the Advancement of Structured Information Standards (OASIS) (SearchWebservices.com Glossary)
Encryption (SearchSecurity.com Glossary)
WS-Security (SearchWebservices.com Glossary)
Firewall (SearchSecurity.com Glossary)
Single signon (SearchSecurity.com Glossary)
Public key infrastructure (PKI) (SearchSecurity.com Glossary)

Introduction to XML Security

Return to Table of Contents

Article: XML complexity introduces security risks (SearchSecurity.com)
Article: Web services require new approach to security (SearchSecurity.com)
Article: Sorting out the Web services security landscape (SearchSecurity.com)
Conference presentation: How to Overcome Web Services Security Obstacles (Information Security Decisions 2005)
Quiz: Infosec Know IT All Trivia: Securing Web services (SearchSecurity.com)
Advice: Confused about differences in Web services security technology (SearchSecurity.com)
Webcast: Web Services Security School, Lesson 1: Why Web services need security and trust (SearchWebServices.com)

OASIS

Return to Table of Contents

Advice: National standards, security bodies release security checklists spec (SearchWebServices.com)
Article: OASIS ratifies core security spec (SearchSecurity.com)
Article: Latest Web services spec tackles application flaws (SearchSecurity.com)
Advice: How will the battle between W3C and OASIS affect Web service security standards? (SearchSecurity.com)
Article: Study shows companies still lukewarm (for now) on Web services (SearchSecurity.com)

WS-Security

Return to Table of Contents

Web resource: Fast facts: WS-Security (SearchWebServices.com)
Q&A: Standards expert: WS-Security changing Web services landscape (SearchSecurity.com)
Article: Implementing WS-Security (SearchWebServices.com)
Advice: What security concerns does WS-Security address? (SearchSecurity.com)
Advice: Are there other projects for Web services security in the works beside WS-Security? (SearchSecurity.com)
Advice: How will WS-Security impact Web services deployments? (SearchWebServices.com)
Advice: A few questions regarding XML security (SearchWebServices.com)

SAML

Return to Table of Contents

Advice: How SAML works (SearchWebServices.com)
Article: Young SAML must conquer business pressures (SearchSecurity.com)
Article: SAML 2.0 unifies support for federation (SearchWebServices.com)
Article: SAML ratification enables vendor interoperability (SearchSecurity.com)
Article: Federal agency demonstrates SAML interoperability (SearchWebServices.com)
Webcast: Web Services Security School, Lesson 4: SAML (SearchWebServices.com)
Advice: Are SAML and WS-Security competitive specifications for Web services security? (SearchSecurity.com)

XML Signatures & Encryption

Return to Table of Contents

Article: Securing Web services requires out-of-box thinking (SearchSecurity.com)
Article: Web services pose identity management challenges (SearchWebServices.com)
Q&A: The pros and cons of securing Web services with SSL (SearchSecurity)
Article: Report recommends standalone XML security appliances (SearchWebServices.com)
Web resource: A how-to guide for supporting digital signatures within SOAP messages (SearchWebServices.com)
Advice: Determining from WSDL if a Web service supports XML signature (SearchSecurity.com)
Advice: Confused about differences in Web services security technology (SearchSecurity.com)
Advice: Support for XML signature/encryption (SearchWebServices.com)
Advice: What implementation(s) of XML encryption and XML signature would you recommend? (SearchWebServices.com)
Webcast: Web Services Security School, Lesson 3: XML Signature and XML Encryption for Web services (SearchWebServices.com)

XML Firewalls

Return to Table of Contents

Advice: Securing Web services: A job for the XML firewall (SearchSecurity.com)
Article: XML firewalls dig deeper than traditional firewalls (SearchSecurity.com)
Article: Web application, XML firewalls converge in one appliance (SearchWebServices.com)
Article: Web services security vendors focus on access control, XML firewalls (SearchSecurity.com)
Article: New XML firewall keeps watch on Web services (SearchWebServices.com)
Article: Various flavors of firewalls are evolving (SearchSecurity.com)
Article: XML firewall integrates crypto hardware (SearchSecurity.com)
Article: Westbridge exec: When XML is a factor, standard firewalls don't cut it (SearchSecurity.com)
Web resource: Featured Topic: XML firewalls (SearchWebServices.com)

More Learning Guides

Return to Table of Contents

More Learning Guides

Return to Table of Contents

Dig Deeper

People who read this also read...
Related tags
- security
- tutorial
- xml

Related glossary terms

Terms for Whatis.com - the technology online dictionary

Show me more

This was first published in February 2005

More from Related TechTarget Sites

Cloud computing
Java
Business Analytics
Oracle

Cloud computing
- Citrix readies CloudPlatform on CloudStack in bid for enterprise cloud
  
  Compatibility with Amazon, a slew of cloud tools and its upcoming CloudPlatform could help virtualization titan Citrix become a serious cloud vendor.
- Alleviating BYOD security issues using private cloud
  
  Centralizing security management in a private cloud is an easy way to fend off malware attacks and adhere to BYOD security policies.
- Test your Windows Azure IQ
  
  Windows Azure will be an integral part of Microsoft’s cloud computing strategy going forward. How high is your IQ on the product? Find out by taking our quiz.
Java
- FuseSource releases enterprise products at CamelOne 2012
  
  Here at CamelOne 2012, FuseSource is releasing two new products – Fuse ESB Enterprise 7.0 and Fuse MQ Enterprise 7.0.
- Open source integration framework keeps motorists safe in the UK
  
  Automotive rescue and recovery services in the UK gained significant messaging advantages over the past few years. The new Automotive Network Services (ANS) system, built and maintained by Apex Networks, connects automotive clubs and insurance agencies with the mechanics, riggers, and first responders that provide emergency services to accidents and disabled vehicles.
- Scaling up and scaling out to meet new business demands
  
  Scaling up and scaling out are two ways for growing businesses to increase productivity, but doing so blindly may be more costly than it's worth.
Business Analytics
- Eckerson: 'Big data' analytics weighs a mix of the old and new
  
  In a video interview, business intelligence analyst Wayne Eckerson offers tips on using big data analytics software and related big data technology. He also gives his view of what big data really is.
- To glean value from 'big data' projects, it may take more than Hadoop
  
  Organizations will have to push beyond storage requirements and basic business intelligence tools to exploit big data, according to a Gartner analyst.
- On the go the way to go? Answer lies with building mobile BI business case
  
  According to a recent Gartner survey, mobile technology is the second most important priority for CIOs in 2012, but building the business case is easier said than done.
Oracle
- Integrating non-Oracle applications into Oracle environments
  
  Oracle application integration becomes even more complicated when trying to integrate Oracle applications and databases with non-Oracle applications.
- Integrating Oracle applications brings complexity
  
  Oracle’s various investments and acquisitions over the past decade have some customers struggling to integrate it all, although Oracle’s own middleware might be able to help.
- Implementing a Hyperion system in 3 weeks -- it can be done
  
  An Oracle Hyperion system implementation in three weeks? Yes, it can be done. Communications firm Neustar implemented Hyperion in less than a month and gained efficiencies in the process.

All Rights Reserved, Copyright 2001 - 2012, TechTarget