Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

XML signature

 
srinivasan ganesan
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Ranchers,
I was reading through the document about XML signature from the w3c site but I gave up cos some of the stuff were way over my head. I wish I could ask specific questions but before that I would like to get a general understanding of how XML signatures are applied. I would appreciate it if someone could explain the series of events that occur during the authentication of a user? using this technology.
Thanks in avance,
Srini
 
Syed AliRaza Zaidi
Ranch Hand
Posts: 169
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well I Agree With You The W3C Recommendation has no head nor foot it goes over head for first time you need to go through it again and again.I think there is IBM's Tutorial not exactly tutorial but an article for security you can see link from previous mail of Shainshank Tanksali
See site
Developer Fusion
I think will help you and also see Java Ranch Links
 
Danl Thompson
Ranch Hand
Posts: 93
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It is important to know how Signitures work, but more important to know what their application is. What can be signed? Who can be authenticated?
In a nutshell, signitures can be applied any document, or parts of a document, or external references to XML or other non-XML content. It is important that parts can be signed separately, so that as content is added it does not whack (technical term) the existing signiture.
The content itself is not signed. Rather, the content is converted into a smaller digest, which is then signed. The signiture can be internal to the document or external to the document or the signed resource can be contained in the signiture.
PK Encryption allows the receiver to authenticate the author, but of course the author has no way to authenticate the reciever, unless he/she signs it and sends it back.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic