September 28, 2001, 12:00 AM — XML Signature and XML Encryption
XML Signature specifies an XML-based language for representing digital
signatures. XML Signature provides the three essential components of
security: authentication, message integrity, and non-repudiation. An
XML Signature can be generated for any type of digital content
including XML documents. XML Encryption specifies how to encrypt and
decrypt XML documents and portions of XML documents.
Implementations of both of these technologies are available from:
alphaWorks XML Security Suite
http://www.alphaworks.ibm.com/tech/xmlsecuritysuite/
VeriSign Java XKMS and XML Signature SDK
http://www.xmltrustcenter.org/xkms/developer/
Entrust Authority Toolkit for Java
https://www.entrust.com/developer/java/
IAIK XML Signature Library (IXSIL)
http://jcewww.iaik.at/products/ixsil/
XKMS
XKMS (XML Key Management Specification) defines messages and protocols
for registering and distributing public keys with XML. It is built upon
the XML Signature and XML Encryption specifications. I am only aware of
VeriSign's implementation though:
VeriSign Java XKMS and XML Signature SDK
http://www.xmltrustcenter.org/xkms/developer/
SAML
SAML (Security Assertion Markup Language) enables applications
conducting business transactions to share authentication and
authorization information. Netegrity (http://www.netegrity.com)
recently announced the availability of a free SAML implementation for
Java called JSAML that, according to their press release, will be
available in October. I am only aware of this SAML implementation.
