XML security - A comparative literature review

Since the turn of the millennium, working groups of the W3C have been concentrating on the development of XML-based security standards, which are collectively referred to as XML security. XML security consists of three recommendations: XML (digital) signature, XML encryption and the XML key management specification (XKMS), all of them published by the W3C. By means of a review of the available literature, the authors draw several conclusions about the status quo of XML security. Furthermore, the current state and focuses of research as well as the existing challenges are derived. Trends toward different application areas, e.g. the use of XML security for mobile computing, are also outlined. Based on this information, the analyzed results are discussed and a future outlook is given.
