Safer XML (1/2) - exploring XML
Security is a popular subject these days, both in the personal and the global context. While computer security concepts in general have been old hat since the 1980s, it seems that everything needs to be reinvented for XML, or at least with XML, including security. XML security standards include XML Encryption, XML Signatures, the Security Assertion Markup Language (SAML), and the Extensible Access Control Language (XACL).
Computer security rests on the following properties, each backed by a well-established technology:
| Property | Meaning | Technology |
| --- | --- | --- |
| Privacy | Only invited parties can join a conversation | Encryption |
| Non-repudiation | The author of a message cannot deny having authored it | Signatures |
| Integrity | The content of a conversation has not been tampered with on its way | Digests |
| Access control | Parties are authenticated and authorized before engaging in conversation | User IDs, access control lists |
All of these aspects were thoroughly researched long before XML was invented, and the relevant technologies have existed for a long time. Security for a single computer was established pretty much alongside the invention of computers: the second software component after the operating system for IBM mainframes was the Resource Access Control Facility (RACF), which controls access to these machines to this day. With the advent of distributed computing in the 1980s, most of the remaining problems posed by untrusted third parties on a computer network were solved. Much of the Distributed Computing Environment (DCE) technology dealt with this, particularly the Kerberos authentication and credentials system.
Encryption and Signatures
Since XML is in fact plain text, all algorithms devised for encrypting and signing text documents can be used for XML straight away. Alas, the structure inherent to XML documents creates new challenges:
- Different textual representations of the same XML document can exist due to different use of spacing, line breaks, and entities.
- Only parts of an XML document might be encrypted or signed, and different parts of the same document should be selectively accessible or inaccessible to various parties.
- An XML document can be the result of an arbitrary number of encryption and signature steps.
We will now discuss the solutions to these problems individually.
The issue of different textual representations of logically equivalent XML documents has been solved by defining a canonical form for XML documents. This definition sets rules for spacing, line breaks, and the use of entities. Message digests must be computed and verified over the canonical form of the XML document, not over any of its textual variants. Identical hash values then indicate that the canonical form of the document is unchanged, even if the textual form differs.
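To make the canonicalization argument concrete, here is an added example (not code from the original article) that uses only Python's standard library: `xml.etree.ElementTree.canonicalize` (Python 3.8+, Canonical XML 2.0) produces the canonical form, and SHA-256 digests are taken over both the raw text and the canonical form. The two sample documents are constructed for the example; they differ in attribute order, quoting style, line breaks, a predefined entity versus a character reference, and empty-element syntax, yet carry the same logical content.

```python
import hashlib
import xml.etree.ElementTree as ET  # ET.canonicalize needs Python 3.8+

# Constructed sample documents: logically the same order, serialized differently
# (attribute order, quote style, line breaks, a character reference instead of
# the predefined entity, and <note/> versus <note></note>).
DOC_A = '<order id="42" currency="EUR"><item sku="X1">Widget &amp; Co</item><note/></order>'
DOC_B = (
    "<order currency='EUR'\n"
    "       id='42'>\n"
    "  <item sku='X1'>Widget &#38; Co</item>\n"
    "  <note></note>\n"
    "</order>"
)
# Same serialization as DOC_B, but the content has actually been changed.
DOC_TAMPERED = DOC_B.replace("EUR", "USD")


def canonical_form(xml_text: str) -> str:
    """Return the Canonical XML 2.0 serialization of the document.

    strip_text=True drops the insignificant whitespace between elements, so
    indentation does not influence the digest. Attributes are emitted in a
    fixed order with double quotes, and entities are expanded and re-escaped.
    """
    return ET.canonicalize(xml_text, strip_text=True)


def raw_digest(xml_text: str) -> str:
    """SHA-256 over the bytes exactly as received: sensitive to every byte."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_digest(xml_text: str) -> str:
    """SHA-256 over the canonical form: the value an XML Signature's
    DigestValue is built on, stable across equivalent serializations."""
    return hashlib.sha256(canonical_form(xml_text).encode("utf-8")).hexdigest()


def same_content(xml_a: str, xml_b: str) -> bool:
    """True if two serializations canonicalize to the same bytes."""
    return canonical_digest(xml_a) == canonical_digest(xml_b)


if __name__ == "__main__":
    print("canonical A:", canonical_form(DOC_A))
    print("canonical B:", canonical_form(DOC_B))
    print("raw digests equal:      ", raw_digest(DOC_A) == raw_digest(DOC_B))
    print("canonical digests equal:", same_content(DOC_A, DOC_B))
    print("tampered copy matches:  ", same_content(DOC_A, DOC_TAMPERED))
```

The raw digests differ, the canonical digests agree, and the copy whose content really changed (the currency) produces a different canonical digest. Canonical XML 1.0 and 1.1, which most XML Signature deployments name, differ from C14N 2.0 in details such as namespace handling, so a verifier must apply exactly the canonicalization algorithm the signature declares, never a "close enough" one.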
Partial encryption and signing
Both XML Encryption and XML Signature introduce their own namespace with a set of elements that can appear anywhere in an XML document: such an element can be the root element of a document or sit somewhere in its body. Encrypted data cannot be nested, but encryption can be applied repeatedly to already encrypted data. Signatures can be wrapped as an envelope around the data to be signed within the same document, or detached, referencing content outside the document.

After several rounds of encrypting and signing an XML document, the receiver can no longer deduce which transformations to apply in order to restore the original content and verify the signatures. Therefore transform elements have been added to signatures to indicate the steps required to recreate the initial content.
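As an added example (not code from the original article, which defers its own examples to the next part), here is a simplified enveloped signature built with Python's standard library that shows the pieces the paragraphs above describe: a Reference that addresses the signed element, a Transforms list recording the steps the receiver must repeat (strip the enveloped signature, then canonicalize), a DigestValue over the transformed content, and a SignatureValue over SignedInfo. It is not an interoperable XML-DSig implementation: it uses an HMAC as the signature method so it runs without third-party libraries, canonicalizes with C14N 2.0 via `xml.etree.ElementTree.canonicalize` (Python 3.8+), and assumes the signed element is addressed by an attribute named `Id`. The document, key and Id value are constructed for the example.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET  # ET.canonicalize needs Python 3.8+

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)

# Algorithm identifiers as used by XML Signature. The signature method is an
# HMAC so the example runs with the standard library only; real deployments
# normally use an asymmetric key (RSA or ECDSA) so that non-repudiation holds.
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
C14N20 = "http://www.w3.org/2010/10/xml-c14n2"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"

# Constructed input. Assumption: the signed element is addressed through an
# attribute named "Id" (a real document would declare it as an ID-typed attribute).
ORDER_XML = '<order Id="order-1"><item sku="X1">Widget</item><total>19.90</total></order>'
KEY = b"constructed-demo-key"


def _ds(local: str) -> str:
    return f"{{{DS}}}{local}"


def _canon(elem: ET.Element) -> bytes:
    """Canonical XML 2.0 bytes of one subtree, ignoring insignificant whitespace."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"), strip_text=True).encode("utf-8")


def _reference_digest(root: ET.Element, ref_id: str, transforms: list) -> bytes:
    """Apply the listed transforms to the referenced element, then digest it."""
    target = next((e for e in root.iter() if e.get("Id") == ref_id), None)
    if target is None:
        raise ValueError(f"no element with Id={ref_id!r}")
    node = copy.deepcopy(target)  # never mutate the document being verified
    for algorithm in transforms:
        if algorithm == ENVELOPED:
            # Remove the signature(s) from the referenced content so the digest
            # covers what was signed, not the signature that is being checked.
            for parent in list(node.iter()):
                for child in list(parent):
                    if child.tag == _ds("Signature"):
                        parent.remove(child)
        elif algorithm == C14N20:
            pass  # canonicalization is always the final step below
        else:
            raise ValueError(f"unsupported transform {algorithm}")
    return hashlib.sha256(_canon(node)).digest()


def sign_enveloped(xml_text: str, key: bytes, ref_id: str) -> str:
    """Append a ds:Signature covering the element with the given Id."""
    root = ET.fromstring(xml_text)
    transforms = [ENVELOPED, C14N20]
    sig = ET.Element(_ds("Signature"))
    info = ET.SubElement(sig, _ds("SignedInfo"))
    ET.SubElement(info, _ds("CanonicalizationMethod"), Algorithm=C14N20)
    ET.SubElement(info, _ds("SignatureMethod"), Algorithm=HMAC_SHA256)
    ref = ET.SubElement(info, _ds("Reference"), URI="#" + ref_id)
    tr = ET.SubElement(ref, _ds("Transforms"))
    for algorithm in transforms:  # record the steps the receiver must repeat
        ET.SubElement(tr, _ds("Transform"), Algorithm=algorithm)
    ET.SubElement(ref, _ds("DigestMethod"), Algorithm=SHA256)
    digest = _reference_digest(root, ref_id, transforms)
    ET.SubElement(ref, _ds("DigestValue")).text = base64.b64encode(digest).decode()
    # The signature value covers the canonical SignedInfo, which in turn carries
    # the digest of the referenced content.
    mac = hmac.new(key, _canon(info), hashlib.sha256).digest()
    ET.SubElement(sig, _ds("SignatureValue")).text = base64.b64encode(mac).decode()
    root.append(sig)
    return ET.tostring(root, encoding="unicode")


def verify_enveloped(xml_text: str, key: bytes) -> bool:
    """Re-run the transform chain recorded in the signature and check both the
    signature value and every reference digest. Returns False on any failure."""
    try:
        root = ET.fromstring(xml_text)
        sig = root.find(_ds("Signature"))
        info = sig.find(_ds("SignedInfo"))
        expected_mac = hmac.new(key, _canon(info), hashlib.sha256).digest()
        given_mac = base64.b64decode(sig.findtext(_ds("SignatureValue")))
        if not hmac.compare_digest(expected_mac, given_mac):
            return False
        for ref in info.findall(_ds("Reference")):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):
                return False  # only same-document references are accepted here
            transforms = [t.get("Algorithm") for t in ref.iter(_ds("Transform"))]
            digest = _reference_digest(root, uri[1:], transforms)
            given = base64.b64decode(ref.findtext(_ds("DigestValue")))
            if not hmac.compare_digest(digest, given):
                return False
        return True
    except (ET.ParseError, ValueError, AttributeError, TypeError):
        return False


if __name__ == "__main__":
    signed = sign_enveloped(ORDER_XML, KEY, "order-1")
    print(signed)
    print("valid:   ", verify_enveloped(signed, KEY))
    print("tampered:", verify_enveloped(signed.replace("19.90", "1.90"), KEY))
```

Two design choices matter for a verifier. First, the transform list is read from the document under verification, so the verifier accepts only the transforms it knows and refuses anything else, rather than executing whatever the document asks for. Second, it only follows same-document references and never dereferences external URIs, since a detached reference would otherwise turn signature verification into an outbound fetch controlled by the sender.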
We are concluding with some examples...
Produced by Michael Claßen
Created: Jan 06, 2003
Revised: Jan 06, 2003