XML (Extensible Markup Language) gives us an independent mode of data exchange between various Web-enabled Information Systems. The main motive of XML is to provide various organizations to share information using a common standardized module. One of the basic working principles of XML includes the process of separation of data from its structure. For this XML provides its users the compatibility to create their own data structure by applying the specified processing rules. XML is covering the major security aspects such as Authentication, Authorization, Confidentiality and Integrity through various applications that are purely implemented in XML. This includes the standard developed over XML. The security standard of XML comprises of XKMS (extensible Key Management System), XACML (Extensible Access Control Markup Language), SAML (Security Assertion Markup Language) and XKMS (XML Key Management System).
There are some drawbacks in the current application of XML for security web services but XML has a self compiling nature i.e. with the help of XML schemas and XML processing rules it can develop new application with out any external platform. Various other security system can be implemented in XML just by defining their working modules in XML according to its own processing rules. As it is platform independent in nature, it will help its users to use this application in limited resources for their functioning platform. .
Table Of Contents
Part I: Technical Review
1.1 Description of community
1.2 Writer’s Work Setting
1.3 Writer’s Role
2. Study Of Problem
2.1 Problem Statement
2.2 Problem Description
2.3 Problem Documentation
2.4 Causative Analysis
2.5 Relationship Of The Problem To The Literature
3. Anticipated Outcomes And Evaluation Instruments
3.1 Goals And Expectations
3.2 Expected Outcomes
3.3 Measurement Of Outcomes
3.4 Mechanism For Recording Unexpected Events
4. Solution Strategies
4.1 Discussion And Evaluation Of Solution
4.2 Description Of Selected Solutions
4.3 Project Planning and Implementation Calender
4.4 Leadership Roles
4.5 Types Of Data To Be Collected
4.6 Plans For Analyzing Result
Part II: Literature Review
1.1 Purpose Of study
1.2 Goals Of The Study
1.3 Background And Significance
1.4 Assumption Of The Study
1.5 Definition Of Terms
2 Literature review
2.1 Problem Statement
2.2 Extent Of The Problem
2.3 Technical Aspects Of XML
2.4 Managerial Consideration Of The Study
2.6 Relationship Of The Problem To The Literature
3.1 Subject Selection And Description
3.3 Data Collection Procedures
3.4 Data Collection Procedures
3.5 Data Analysis
3.6 Limitation Of Study
4.1 Presentation Of Collected Data
5 Conclusions And Recommendations
1.3 Areas Of Further Research
Description of community
Security has always been most important factor in this present business world to provide integrity of data and various transactions to maintain privacy and to ensure appropriate use of information. In this present web-enabled business world the means for attaining that security have changed. Measures providing physical security applicable in the past time when all the computed data were locked in a computing room with all jobs to be submitted locally.
Due to this variable nature of the wide network creating a single security infrastructures for the various purposes of businessmen do not scale effectively. There are many things to administer and many variations in design of such an infrastructure. More standards were required that can adapt to the new changing requirements. All these standards are supposed to work together well and should fit themselves to enable open distributed systems and content management.
Writer’s work setting
The main problem in these web-based businesses was attainment of security in data and various transactions. All these drawbacks were stopping growth of web-based business. Now to overcome these drawbacks various organizations decided to work over security issues in this business.
The main focus was on providing the security and integrity to various data and transactions. The motive of these organizations was unique, they were not providing this world a new business rather they were providing these various web-based business a new world for their functioning.
Today a lot of organizations are preventing themselves from their anticipated threats and many hundred people are working day and night to maintain this clean network for business. An essential requirement in this field was completed by XML (Extensible Markup Language).
Like other technologies coming to existence it was also supporting distributed system protocols to sum up various applications across this wide network. XML provide a simple way for data exchange between various web-enable systems . In recent years web-services are introducing various specifications. XML languages are basically text-oriented languages, which can be overloaded to various modifications and implementations . XML technically approaches for content management.
The security provided by XML remove the obstacles to adoption to various other technologies by creating a modular mechanism. XML security does not need much of the modification. The original working of XML is that it divides the main content into sub contents that are arranged in some sequence that can be formatted easily to make them ready to transfer to any destination.
Unlike many format oriented languages ( such a HTML ) there are no formatting tags for XML rather a special set of appropriate tags are devised for each category of document and the main concentration is over a meaningful encryption and not on any specific formatting. XML can do this logically because all the data formatted in XML is meaningless to any kind of exploitation done by any automated process.
In XML the data is represented in a serialized form. XML provides the user to prepare its own data structure by using various elements and tags. XML was designed to provide dynamic data storage and easy methods to retrieve that data. XML also provides the arrangement of semantic features of data , which make it readable so that the data format can be understood. Any predefined XML format can be converted to any other. XML was able to provide a high level end-to-end security.
My role in this work setting is to elaborate each and every exclusive features of XML with specific properties and to explain scope of my work setting.
Study Of Problem
The problem to be solved in this project is to avail security in XML supported systems. The transparency given by XML needs a lot of care, when you apply XML to any application on network.
Most developers have to learn how to deal with XML though they are used to with database technologies. There were various problems in the network .
1. Due to transparency it is obvious that once you put something into an XML type, there arises a shortage of availability of encryptions for the data such that it is almost projective.
2. Applications that uses access to large collection of XML data and use complex operations to retrieve necessary information from these data blocks are easily exposed to damage through an attacker.
3. Various XML languages prepared by various users can be combined i.e. if you design a language for presenting addresses and some one designed the language for presenting order. Then the later can easily use the module designed by the former just with a little knowledge of XML working engine. So a lot of conflicts can arise.
4. When we pass messages to different destinations ,we transfer them on a path. The major security in the network is concentrated over the path and not with the message. So only the path is having high-level security but not the message.
An incident took place in 2004 when some of the security researchers from Sanctum. Inc. announced a “Blind Xpath Injection”. Blind Path Injection permits a intruder having knowledge about Xpath engine to retrieve all the data belonging to that particular XML content without any knowledge of particular Xpath queries used by that particular XML applications.
The problem was not solved because if any portion of an XML documentation is opened for any application then indirectly the whole document is opened for that application and similarly to any other consecutively related application running on the same interface.
Let us take an example of an organization , which is having some internal applications and is securing all its data with the help of a firewall. You can take the assumptions that all the internal users are honest. The application uses the main data collection of the organization’s data of information’s about the employees. Suppose the application is using an XML file for the working of the application and the file contains information’s such as employee name , address, employee department name and its social security number.
The application accesses the file through employee name and department name to retrieve data from the main data. And suppose if the contact application is out side the firewall. So both the internal and external users can get access to it. This application provides the contact information regarding the particular employee. And to prevent the obsolete static information problem the application establishes a link to the internal data dynamically through a channel present in the firewall to get access to the internal application to reduce the work load.
Now through a Blind Xpath Injection an attacker might get the link to access the whole internal data chunk. This was possible because at the earlier times the various XML applications do not have a secure means of interaction.
One reason that makes the XML based technology was the aid provided to supply chain-managing system for various businesses. XML has emerged as a mechanism for the exchange of transactions. One effect which was not anticipated by anyone was that the new users having there interface with XML as supply chain management system for the first time were thinking that XML is suitable for only this particular application.
The biggest drawback of XML documentation is that at the moment of creating a text the instant text becomes case-sensitive and the text becomes unusable. Much previous security providing technologies use a set of fundamental security providing algorithms that can be implemented in XML based security systems.
The unexpected thing is that the formats supporting the older security algorithms are not that appropriate to be used in XML applications. The basic cause is that all the predefined standards were using a binary format, which in turn requires particular software’s for interpretations, and special functions for retrieving security related information’s.
The other reason for the incompatibility of the XML security is that all the predefined standards were not made keeping XML in mind.
Moreover they do not support XML approaches to manage content. Much security providing technologies assume in advance that all the security related software’s would be present. Most important issues over security comprises of Authentication, Integrity, Confidentiality, Authorization.
Authentication provides the recognition of the various parties attempting transactions. If a user transmits any data to any other user then he cannot deny from it. Because the security level checks for authenticated transactions and if any user attempts to do so the firewall or other security systems prevent them to access the network.
Authorization prevents the network from those users who are not permitted to access any particular area of the network. If any user wants to share its data with a limited group of users, then he can attain this security level by using authorization checks. Only those users who are authorized to access that information are provided support by the network.
Integrity assures the oneness of data and the source network implements it. The biggest threat to data transfer is the loss of integrity. The transfer tube in general network is provided a lot of security yet there are some weak sections through which an intruder can break the integrity. In XML documentation the care is taken regarding the data packet rather on transfer tube.
Confidentiality is maintained over this wide network with the help of various security aspects. This assures the user that the expected legitimate user will receive the data transferred by him over the network and the message will remain unintelligible to any unauthorized user. This is mainly maintained by various encryption methodologies.
Personal identification factors are required to be acquired by each and every user to differentiate between any fake or legitimate user. Another important aspect in security is the license agreement.
Usually access rules are integrated with the data. Many security technologies incorporate security code along with the respective application to implement security. This led to the creation of XML tools and security methods altogether integrated in any XML application. Thus XML security filters were incorporated in the arbitrary content without applying external customization for each application.
XML encoding cannot be used for all kinds of document, it is applicable only to those, which are physically able to assure controlled structure are certainly good applicants. XML is outstandingly suitable for such document. XML is mostly suited to unpredictable sequence of text document. Even if the documents are of suitable structures and if the market value of the data is not that demanding then implementation of XML documentation on that data will be worth less.
Automatic processing of XML documents can work reliably only if all of the documents are arranged in an integrated and predefined way. It is very important to get the implementation model correctly at the first time from the beginning. Changes are implemented in the model just after beginning to produce legitimate XML documents can be costly as per the estimates, because the changes often affect the document arrangement too.
The decision to use XML some times results in immediate troubles and over whelming process of thinking how to convert huge amount of existing data into XML format. However many different processes can be implemented, depending upon the type of the basic content , the range of the work and each and every security and arrange requirements in a proper way.
Relationship Of The Problem TO The Literature
In the primitive ages the data transfer requires a cumbersome job. A sender has to assign this job of carrying message to the destination to a mediator. This is how whole communication was going on. The mediator was a human being with high physical efficiency and strong decisions of carrying this message. The mediator has to travel kilometers of distance to deliver the message.
There was no guarantee of delivery of messages, may be possible the mediator being caught by enemy territories or something happened to him in the way. So loss in a human power for delivery of messages was not a very good practice. So there arises a trend of training birds to carry message. Which in turn was not that harmful. But this practice decreased the surety and performance of message delivery. So this also was not a good idea.
At that time of period demand of a new kind of messaging technique rose. Now the main concentration was on security of data and removal of cumbersome work out of this tradition. So then arise the techniques of encryption and decryption. Encryption was the process of converting a message to any unintelligible thing before delivering the message and decryption was the technique to make the unintelligible to a message which is explaining the actual sense of the message. This all was done with help of secrete keys called encryption-decryption keys.
The whole fundamentals behind this were the use of the encryption and decryption logic given by the key. There were many logics available to encrypt the message. The logic used to decrypt the message is just the reverse logic used to encrypt the message.
The Romans discovered various methods to encrypt the data. The benefit was that even if the messenger is caught the threat of loosing the confidentiality of the message reduced. More over if the birds are used for this processes there was no threat in supplying the key to decrypt the message along with the message. The sender and the receiver have to share the knowledge of the key preparation with each other.
But as the development in this field was going on a shortage of keys arises. So now the possible ways of decrypting the message without the direct knowledge of the key’s were increasing which gave birth to some more new applications to encrypt the message. Similarly in our present world there is always been a shortage of security measures for sending messages and establishing safe and confidential communication links.
In our present electronic world we are implementing various encryption and decryption techniques by preparing the logic on electronic board with the help of logic gates and there circuits. At present to maintain security of a network is a very big deal a various security implementing application are coming under consideration day by day. But there are lot many people who are intentionally breaking these secure network paths for there own interest.
Hacking is the term used for this practice. A hacker is a person with extra intelligence who for his/her own interest breaks the security laws to access the secure data. The hackers mainly find their prays on the link of the network.
The boundary of any established network is the best place for them to attack the data. Often many security algorithms were implement before the transmission of data yet it is possible for the hacker to break those algorithms and access the secure data .
The only solution to stop this was the effort in discovering new methods for securing the network. At each and every moment of time in our history the basic idea to attain security over the data was increasing the complexity of encrypting the message because the greater the complexity of the encryption algorithm the greater the complexity in decrypting the message.
Some times the formats were so complex that predicting the output message of after encryption was next to impossible. The main thing was the encryption and decryption algorithm should be comfortably understood to both the sender and the receiver. But this was not possible for each and every party to keep the account of the various algorithms used in encryption and decryption of the data.
So here arises the concept of having shared software for encrypting and decrypting the data over the shared link so that the complexity of sharing to the keys will be reduced.
This was gong on quite fine with all the communication links but the problem arises when the communication gave birth to globalization.
When various business links tried to make a join with each other, they experienced the a problem for interface with each other because all were having there preferred mode of communication and no was ready to change their security considerations. This was really a very big problem as it was going to limit the globalizations in communication sector.
So the whole new world came up with a solution of having a standardized convention for communication and various organizations were given the responsibility to check the maintenance of these standards by various other organizations using that network for establishing communication for their growth and development in this business world. While every thing was going fine with the new standards the problem of insecurity over the communication link came back with a lot of terror of data inconsistency.
Now reforming the whole communications system was not a good idea because it can put harm to the well-established relationships between networks. So this time the decision of reforming the communication methods was taken . Various new formats were introduced to transform data and lots of them were accepted deliberately but a feel of generalizations was not there. Here XML came into existence. XML has its own data formats that needed to be followed for effective results of this innovation.
Anticipated Outcomes And Evaluation Instruments
Goals And Expectations
The primary goal was to achieve high-level security without reforming the whole communication system. The whole world was waiting for a security system which was having a very high level of restrictions and comprises a vast set of rules to overcome all the defects experienced in the last privileged technologies. Expectations were made for the flexible access of any support system. That system should be understood to each and every user. It should not be complex like prior technologies.
Most important property that it should hold is the modularity with the upcoming technologies. Many XML based applications were developed, which ensures the secure transmission modes for communication.
To make XML best supporting pattern many categorized feature for different kinds of data types and messages were introduced. Now many standards were grown for healthy implementation of XML. Various XML technologies were introduced like XML Signature, XML Encryption algorithms, various XML syntaxes and processing rules. The security standard of XML comprises of XKMS (extensible Key Management System), XACML (Extensible Access Control Markup Language), SAML (Security Assertion Markup Language) and XKMS(XML Key Management System)
The following outcomes are projected for this project :-
Unlike the usual plain text to cipher-text conversion, the XML encryption specifications permit for the use of a convention. This means that the content and content related information’s can be encrypted easily. When this happens, the original content is replaced with an encrypted content element. In the case of an encryption key , the base data is replaced with key element.
The XML data format encrypts data in such a way that makes them secure from exploitation to any kind of electronic or automated media. But not all kind of documents can be represented in XML. Some of the special advantages of using XML documentation produced various complexities and cost increments that are supposed to be considered if a company is about to assess the advantages and disadvantages of possible XML application. In personnel, some kind of content management systems provide very advanced efficiencies for XML documentation.
The main purpose of XML documentation was to disintegrate the collection of data documents into sub-contents which are semantically correct and are arranged in sequenced and hierarchical structure that can be easily used , retrieved, re-arranged and formatted for transferring to a variety of network media and agencies.
The possible problem of arrival of conflicts between different modules designed over a single platform can be handled in XML by an application in XML called Namespace. XML namespaces combine tags with separate unique identifier and can also provide aid in removing ambiguous situations.
The complexity arriving at the time of firing queries on the huge collection of XML data to implement operations securely can be removed just by designing applications which uses small and controlled memory chunks of XML data in easily manageable steps which in turn is helpful in applying various effective security measures.
The threat of attack over the Data-gram (smallest unit of data which is transported one after the other over the network) on the transport tube during the data transfer is removed in XML appliances by applying maximum security over the Data-gram rather than given high security to the network. Thus the receiver can check for any unexpected changes encountered in the data unit.
Measurement Of Outcomes
In opposite pattern-based languages, such as HTML (Hypertext Mark-Up Language), their does not exits any kind of pre-defined rules for XML. Unlike other technologies in the same category XML is perfectly suitable for document categories as report writing , news articles, guide books, training manuals and to a, less extent, poetry writing skills, for programmers, forms, product description catalogues and many other different types of documents.
Unluckily, the encouragement with which XML was adopted by the world as a efficient data format for holding highly structured data among various databases and software applications has gone to hide its document concentrated origins. Just with the development of word-processing modules those comprising of “ save to XML” options were the real purpose which began to re-organize itself. And even those steps had promoted a misguiding concept of the aim of XML. For example, Microsoft Word uses XML in place of its RTF formatting documentations, and therefore it includes XML processing rules for each of the different styles that the Word software can produce. XML is not always supposed to be the most obvious solution to every particular information management related problem. Well really, there were moments when it should not be given so many considerations. As expressed above, XML is the most perfectly suited solution to structured narrative data documentation, comprising of unexpected arrangements of such text formats as paragraphs, tables. Highly structured data has a base position in database systems. At the other end, highly designed content , for example any picture book or any information brochure may need not to have any structure at all. But one thing to consider that, in both the case, XML can still play most important roles in content collection and publishing of that content. Even if the data are structurally perfect, and the market value of the content is very less, and if high quality is not a aim, then we should not implement XML security over that document because it will not come to us with any worth. In general, short-life data that will never be need for re-utilization for any media or any particular group of users should not be associated with XML. It is usually much comfortable to create documents in XML format, rather than creating them in any other format and then convert them XML. Currently many XML-sensitivity authorizing modules are present to select from, though it is only the XML word processors which are considered for literature writers, as a cheaper tool that is suppose to aim over XML development but not sufficiently possessing the capability. Many of these word-processors do not show the availability of XML documentation from many authors as an practice to simplify the writing experience, rather in turn they create many user interface problems as compare to they solve. Some others had taken the sensible approaches for bringing XML in the view. Most of the complex data handling systems are comprised of one or more of available the best and highly efficient word processors, though they are also ideal for offline writing. It was not a surprise that, a data management system need not to be much aware that it is going to handle an XML document but what it was supposed to provide are its basic features for storing data securely and it should also provide easy modes of data retrieval and removing redundancy. Unlike these systems some systems were able to identify XML documents and provide some advanced special XML-specific capabilities. So, the features, which we should consider while creating a new data handling system, clearly depends on the information’s regarding business requirements.
The basic security aspects such as Authentication, Authorization, Integrity and Confidentiality is provide by XML by the various standards such as XML encryption, XML digital signature. XML encryption is use to provide confidentiality and XML digital signatures can be used to provide integrity. For the proper key management between the communication properties XKMS is used. Security Assertion Markup Language for making assertions regarding authentication and authorization.
The basic communication takes place with the help of messages. XML messages belong to the Application layer of the OSI Model, so the network layer cannot do any help in providing security to our data. The hacking possibilities increase when any non-legitimate user attacks the XML decoder with the help of any other application. It is even possible that the attacker may try to access the XML parser (Parser’s are the software applications mainly used to decode XML documents) directly which is an attack of high level. Both these kind of attacks can b e done with the help of XML itself. The valid XML document can contain such severe information’s that can harm the XML document or its parser. The solution for this is the use of firewall at the interface of any XML application so that it can separate the malicious information’s regarding the data. A new separate security policy can be established on the XML firewall to pass only some types of data formats to the XML application. Thus we can eliminate the malicious content before reaching to the XML parser. One more thing can create problem for XML parser , which can come into account through message of infinite length. If such a message reached the parser then the parser will have to take all of the resources available to him and then also parsing that document will take a lot of time. To deal with this problem the parser must be tuned so intelligibly that it should reject very long document by itself and should report the administrative application about this mishap.
We have some queries and their answers to measure the possible out come.
Can XML provide selective encryption?
Answer: Selective encryption is a very important feature of any encryption algorithm. If you are having a data with huge content and if in that content only a small part is secret and the rest of the message in unimportant for even ourselves then if we encrypt the whole document, it will come to us as waist of time and money rather we can do one thing that we should encrypt only a small part of the document and keep the rest as it was then it would be an effective encryption. This facility is provided in XML support systems for encryption.
How secure the verification of XML signature is ?
Answer: The document to be signed is converted first into its canonical for and then the document is signed either by a RSA signature (Which is actually the implementation of a hash function which is followed by RSA private key application) or by a DSA signature (which is actually a hash function followed by a DSA signing application). So both these procedures require some kind of secret keys and secret keys are always the important factor of security. XML appliances do this very carefully.
Is it necessary for us to sign the whole XML document ?
Answer: We can selectively sign any particular part of XML document according to our requirements. XML signatures provide a module to the users called Fragment Identifier. Fragment Identifier works on the principal of identifying an element to be signed by its Id value, or by XPath information, which provides any document’s subset to be signed individually.
Is it possible for us to transmit data between to organizations working on completely different platforms ?
Answer:- XML is an important component in web-enabled services. The thing that makes it so important is its ability to provide exchange of data with different structure and formats in the networks , which does not share common platforms in between them.
Is the XML security system extendable ?
Answer :-XML security system is a stand alone system which is having a very flexible interface and nondependent security services for each kind of application so it is really easy to extend this security system with new emerging security services.
Mechanism For Recording Unexpected Events
Observations :- Long lasting integrity provides the user with the capability detecting unanticipated changes encountered by the in the content , whether they are malicious or produced by any fault. In simple checksum , a digital signature does not append a digest of the data with the signer entity of the document using a cryptographic method. A digest is a kind of digitized “fingerprint”, in other words we can say that it is a short but fixed-length value which is unique for the content and it is not practically possible to determine it without the document. With the help of applying any cryptographic method to the digest will make it hard for anyone other than the legitimate signer to alter the content without detection. Integrity provides the surety that the document is not only protected in transmitting it, but it is also protected when it is stored for intermediate processing’s.
1) Is application of ‘zoning’ to XML documents are a good practice ?
The answer is the concept of zoning is usually applied to XML documents in this practice each zone is supposed to represent the content in between a specified set of tags. The text within which a word or phrase is present can be taken into consideration for zoning. Let see an example, it appears possible to encounter documents that contain a special word, but it has it only when it arrives in the summary or within the titles. It can be helpful in build new documentations automatically from considered components of various other documents.
2) Is it possible that the content of XML documentation will become inappropriate for direct display ?
The answer will be yes it happens when we are not using appropriate tags for producing XML document. This can be corrected by the use of content management system. It provides with the means of getting the preview of the document.
3) Is it possible to search any XML document efficiently ?
The answer will be yes. XML documents can be searched, like the other text-based documents, more it can accept queries, like those in the database records, using some languages, which are similar to SQL. The properties of accessing techniques resemble XML’s nature as a medium between uncontrolled text such as paragraphs and highly structured data such as tables. Those search tools are really sounds invaluable, which find specific data within a huge archive. Of course, basically being text-based documentation, an XML document can be supporting indexed by any kind search engine. However, it is possible that the structural nature of XML documents may enable to perform much-refined searches.
Why it is so that the installation of XML appliance and maintenance costly. The two basic factors, which have effect in the contribution of the cost of installing XML appliance is, the specialized knowledge and the risk involved in its installation. Usually any project, which provides XML conversion techniques, requires some design work at the initial stage. If that work is done with expertise then that work need not to be modified frequently. Hence it does not make any sense for most of the business organization to create those high profiled skills for the company’s full time employees. More over if any kind of mistake happened during the designing process then it may result in a very expensive recovery.
Why it is so that the XML is appropriate language to keep the track of data though we are having high-level implementations in relational data base management system. The reason being Relational data base system is mostly used to manage a large amount of content. The concept of metadata in database provides a solid structure to implement the security and to handle workflow components required for data management. But this application cannot assure the integrity of the distributed data. As there is increase in competition under the category of content management system. Which in turn will raise questions against the increasing cost of installation. But the various application provided by XML will keep it ahead of the Relational Database Management System.
Why using XML documentation appeared as the main business language in this corporate world. The reason for this is that XML documentation gives us advantages in many categories of documentation. XML documentation provides you with international standards and its structure provide the surety that the document purely satisfies the corporate guidelines with the implementation of various processing rules. The methodology of separating the content from its actual structure, it is possible to present a different view of the content to different category of users which is not possible with HTML or other documentation systems. The biggest advantage of XML documentation is its platform independent and easily upgradeable nature.
The popularity of XML has given birth to NRL ( Namespace Routing Language). This is theoritically a schema language. Its main purpose is to provide direction to the parts of documentation to their perticular schemas on the basis of namespace of the encountered content. An NRL is simply a list of XML Namespaces and a directed path to the corresponding schema. This enables each schema to be associated with only its individual language specifications , and the NRL file directs the schema validator to the appropriate schema file depending on the value of the namespace category of that content.
The simplification and advantages of XML encouraged the developers to use XML in collaboration with any advanced technology or application. New web services were designed using XML standards. XML provides the structural and logical foundations, which can be implemented over a variety of platforms or with various categories of products.
Now a days the developers can implement J2EE ( Java 2 Enterprise Edition) to prepare a XML based web-enabled service. They can include J2EE features to create a complete and fully automatic web-enabled service, which is compiling over the XML standards. The developers can create this powerful application without crucial implementation and complexity.
With the growing space for XML documentation the need of the conversion tool, which would be able, to convert XML format to any Specified format increased. So another supporting standard of XML was developed called XSLT ( Extensible Style-sheet Language Transformation ). It proved helpful in converting to any other specified format for manipulation or representation.
The basic needs for online business were solved by various XML processing rules. The property of XML that provide dynamic storage to the data marked more importance in the business lifeline. The only problem of establishing communication among the various organization those involved themselves in this network was resolved by establishing standards for XML. Many separate standards of XML are merged together to produce technologies that prove themselves essential for web-services .
For example, XMSF(Extensible Modeling And Simulation Framework), XMSF is a web-enabled modeling and Simulating work logic developed for the analysis of commercial approaches and operational application. It was developed to solve the issues regarding the interoperability and security of the system. To achieve this some of the processing rules were modified to very mall extent and all the security standards were employed at diff stages of the whole process.
Discussion And Evaluation Of Solution
As the online business increased the threat of data inconsistency increased in a considerable amount, which was limiting the scope of the business. Moreover when various organizations were trying to involve in this globalization the communication mode was the biggest obstacle in that success. That organization’s that have to share their information to this world were not getting a way to do it safely. And when they all got a common mode of communication i.e. XM L, then challenges raised for its security complaisance .
To develop a solution in the current age we should check for the existing solution for the same problem in the past. The problem of communication was there in ancient times also the solution were cumbersome and most of the time they were impractical, until the concept of encryption came into account. The basic method was to convert the original text to an unintelligible document. But the problem was that the person who has encrypted the message cannot go by itself to decrypt the message and to make it understood to the receiver. So they devised a particular key to encrypt and decrypt messages. Both the sender and the receiver have to share this key to use technique. The possible threat of the key being shared to any illegitimate user was always with the communicating parties.
So a new and perfect application has to be devised to establish a secure communications .Many researches were carried over the basic ideas and slowly slowly many secure systems were devised. The example was “http” ( Hyper Text Transfer Protocol ), which was the collection of most efficient protocols to enable security. “http” was used to carry HTML documents. The only drawback of “http” was it was not that efficient to carry documents enabling dynamic data storage. The concept of dynamic data storage was important factor regarding the continuous updating of data. So to implement dynamism in updating content a new technology XML emerged.
The writer will use this solution, which is the acceptance of XML patterns because with the help of it you can remove conflict between two similar kinds of data formats. It guides us to the internationalized format for documentation. It can provide us secure encryption methods. It allows us to implement search algorithms over the document and has kept many other possibilities for modification.
Description of selected solutions
XACML presents a policy defining language as well as an access control language. The language defining the policy is used to explain general access control necessities and the access control language defines the validity of any fired query.
SMAL is a security certified standards. SMAL provides standardized protocol for requesting and receiving documentations from the authorized security services. If SMAL is combined with the security units of web services then it can be used in transportation of certified data in the form of a SOAP message.
XML Signature are basically used to sign and data. The XML signature can also be used to sign any document which is present outside the XML document which is containing the signature and the terminology used for this application is called Detached Signature. XML Signatures can also be used to sign any particular part of the whole document and the terminology used for this is called Enveloped Signature. We can also put the Signed data inside another document, which is explicitly signed, then this terminology is called Enveloping Signature. The creation of an XML signature is bits tougher work that producing a normal digital signature.
XKMS presents some of the most secure web-services to for the key management between the communicating parties. The whole procedure comprises of two procedures. One among the two is the process producing and validating key according to the position of the users. The second process is of registering the key for those two legitimate users. The main function of XKMS is to reduce the complexity of key assignment. XKMS can be implemented from various servers also.
XML Schema is basically a description of the type of the document. The main purpose of any XML schema is to define how an XML document can be . This fairly explains the domain of XML for various elements. It also tells us that what kind of formatting can be applied to any particular document. It also defines the syntaxes for checking the validation of the vocabulary applied to the document .
There are three different forms of schema language available. Relaxing, Document Type Definitions and W3C XML Schema. Each of the forms are having their own specific properties along with there own advantages and disadvantages.
Project Planning and Implementation Calender
To implement the project of security in XML appliances we have to make our selves aware of the processing rules and the vocabularies provided by the XML documentation to make their effective use in module designing.
The main turning point of our prescribed solution will come at the moment of associating connectivity of our application with the Internet.
We will have to apply different aspects of any prescribed solution till suits the XML documentation processing rules and produces the anticipated outcome.
After testing any particular aspect , which is strictly following the XML processing rules, we will evaluate the possible outcomes till we get the exact parameters on which the expected outcome is frequently arriving.
Week / Dates
Events That Occurred
Week 1 / 2-9 Feb
A brief look over the each and every XML vocabulary and processing rules.
All the vocabularies, which can be subjected to any change for further implementations, are short-listed.
A large number of vocabularies are supposed to be modified using various processing rules present in the XML library.
Week 2 / 10-16 Feb
Defining The Modules.
Many new modules were created and a small group of old ones were refurnished.
All the predefined modules were modified to suit to the platform of the developing project.
Week 3 / 17-23 Feb
Associating The Modules.
All the modules were categorized in order to prepare separate groups to be associated.
This is the main job of the whole work setting. It has to be done very carefully or our project will take a wrong way.
Week 4 / 24 Feb-2 Mar
Running the application for a simple Text document.
The text document was formatted to XML specifications.
Now the document can be transferred over the network to various destinations.
Table 1: Implementation Calender
My role is to guide my team for proper implementation of XML vocabularies and processing rules. I will make them aware of the critical section in the development and would guide them to safe paths. I will subdivide my team after they would learn the proper implementation of XML vocabularies. Further I will divide the whole project into small modules and then I will distribute those modules within my sub divided groups.
Types Of Data To Be Collected
The basic syntactical information would be required to be collected explicitly. The logic to implement those syntaxes would be developed by my team only. The whole XML library of vocabularies, which is the quantitative data and the documentation regarding the processing rules, which is the qualitative data, would be required.
Plans For Analyzing Result
We will analyze the data on the basis of the requirement for creating any particular type of documentation in XML. The requirements regarding the testing of our application would be all possible logics that are used till now over that devised application. The data is the most important part of this application , because all the testing work to be done to the check for the desirable outcomes would be decided over the properties of the data for which the application is devised. The data would be presented in the tabular form so as to differentiate between them easily.
The communication techniques established between the users over the network were not that efficient and secure. There was no globalization among the old standards. What we did is that we selected some international conventions and marked them as standards for the XML documentation. Our goal is to come up with a secure and efficient means of establishing coming communication. After working over the project and observing the outcomes we obtained the following
1) Unlike the usual plain text to cipher-text conversion, the XML encryption specifications permit for the use of a convention. This means that the content and content related information’s can be encrypted easily. When this happens , the original content is replaced with an encrypted content element. In the case of an encryption key, the base data is replaced with key element.
This outcome was met.
· The XML encryption is the most effecting encoding algorithm that can be used before loading any XML documentation over the network channels.
2) The XML data format encrypts data in such a way that makes them secure from exploitation to any kind of electronic or automated media. But not all kind of documents can be represented in XML. Some of the special advantages of using XML documentation produced various complexities and cost increments that are supposed to be considered if a company is about to assess the advantages and disadvantages of possible XML application. In personnel, some kind of content management systems provide very advanced efficiencies for XML documentation.
This outcome was met.
· The working of XML documentation can refined to a very high extent with the help of a special module provided by XML called the Content Management System.
3) The main purpose of XML documentation was to disintegrate the collection of data documents into sub-contents which are semantically correct and are arranged in sequenced and hierarchical structure that can be easily used, retrieved, re-arranged and formatted for transferring to a variety of network media and agencies.
This outcome was met.
· The XML documentation is having full control over the content it is documenting no matter how large it is.
4) The possible problem of arrival of conflicts between different modules designed over a single platform can be handled in XML by an application in XML called Namespace. XML namespaces combine tags with separate unique identifier and can also provide aid in removing ambiguous situations.
This outcome was met.
· The XML is able to differentiate between documentation’s, which are of same type, and working on the same platform. XML treat them as two separate entities, which has the conflicts between the content to a very large extent.
5) The complexity arriving at the time of firing queries on the huge collection of XML data to implement operations securely can be removed just by designing applications which uses small and controlled memory chunks of XML data in easily manageable steps which in turn is helpful in applying various effective security measures.
This outcome was met.
· By applying the technique of keeping the data distributed, XML has devised much easier methods for data retrieval.
6) The threat of attack over the Data-gram (smallest unit of data which is transported one after the other over the network) on the transport tube during the data transfer is removed in XML appliances by applying maximum security over the Data-gram rather than given high security to the network. Thus the receiver can check for any unexpected changes encountered in the data unit.
This outcome was met.
· XML has increased the security over the data unit while it is in the network channels, which helps the receiver to catch any unexpected change in the data.
All these implementation will prove the iron power of XML technology. This implementation comprises of security providing protocols, standardizing modules , globalization providing modules, flexibility increasing modules. It also includes modules which selects the proper application that should be implemented according to the type of content.
All the applications running before XML were working as separate entities in the network. Other useful modules were supposed to associate with them at the time of documentation. So this was a very complex process with a very high implementation cost. But after the introduction of XML documentation many things changed. XML was actually a self-developing technology. At the start XML documentation was not having much application modules but its processing rules were so much supportive that they enabled developers to create various specified modules to increase the flexibility of XML technology. Many unexpected things even happened some good some bad. No body has expected that XML will come in front as a platform independent technology. This feature of XML helped in solving the roadblocks of removing the conflicts between the documents that are of same type and working on the same platform.
1) For developing any application we should always check the capabilities of its platform and then we should work accordingly.
2) Before starting for any development we should consider the processing rules to see whether there is a chance of modifications.
3) We should not limit the scope of thing in the range of our expectations from any development.
The communication over the network is really insecure. Much different kind of threats is present in the network. The data we transfer can be lost or may be directed to any wrong destination or any illegitimate user destroyed it. So there are lots of problem in establishing secure links. One solution to all these problems was the use of XML. XML (extensible Markup Language) gives us an independent mode of data exchange between various Web-enabled Information Systems. The main motive of XML is to provide flexibility to share information using a common standardized module. One of the basic working principles of XML includes the process of separation of data from its structure. For this XML provides its users the compatibility to create their own data structure by applying the specified processing rules. XML is covering the major security aspects such as Authentication, Authorization, Confidentiality and Integrity through various applications that are purely implemented in XML. This includes the standard developed over XML. The security standard of XML comprises of XKMS (extensible Key Management System), XACML (Extensible Access Control Markup Language), SAML (Security Assertion Markup Language) and XKMS (XML Key Management System).
There exists some security related problems in XML web services but XML seems a very good business-conducting platform because of its very nature of accepting the changes implied to it considering its processing rules. It is platform independent in nature, which helps different users to utilize this application with their limited resources for their functioning. The security standard provided by the XML technology is quite high in comparison with the consecutive technologies. XML is capable of providing end-to-end security because of its concentration on secure delivery of the data unit.
The present day communication systems are serving a very important purpose of establishing a globalize set up to express views about each other. The main purpose served is of establishing business links between various multi national organizations. The network links are used to transfer data and to complete many transactions, which are the basic units of any business.
The nature of network is very simple it simply routes the data to where it is guided by the user. But many times some illegitimate users captures the transport link and try to influence the data either by altering it or by destroying it. The biggest obstacle in the development of web –based services is the threats over the security and the rigidity of the network.
Purpose Of study
The sole purpose of the study is to remove the problem in availing security to XML supported systems. For a certified security license the application must satisfy the basic aspects of the security.
Goals Of The Study
1) To check whether the present XML documentation technology could be modified to attain much more flexibility over various data types.
2) To implement the platform independent nature of XML to include various other important functionalities explicitly.
3) To establish some standardized modules to improve the performance and reduce the complexity at a very large level.
4) To implement various security aspects with the base rules provided by the XML documentation.
Background And Significance
The main problem in the web-based services was the security in data in various transactions. Now to reduce these drawbacks from various functionalities organizations decided to work over implementing security in this field. The main focus was on providing the security to various data and transactions. The aim of these organizations was common, they want to give this world a very secure platform. Today a many organizations are protecting their data from their anticipated threats and many hundred people are working hard to achieve their goal. An essential step in this field was forwarded by XML (extensible Markup Language). XML is a widely applications for different types of content. XML provide a secure mode of data exchange between various web-enable systems. In past years web-services are associating various specifications. XML languages are basically text-oriented languages, which can be subjected to various modifications . XML technically proceeds for content management. XML security does not need much of the modification. The basic working of XML is that it divides the main content into several sub contents that are rearranged in some sequence that can be formatted easily to make them ready to transfer at any transfer tube. XML can logically format the data in such a way that it seems meaningless to any kind of exploitation done by any kind of automated process.
Assumption Of The Study
These are the following assumptions:-
1) The data unit traveling over the network has security implementing algorithms along with them.
2) The security implementing applications explained here are only for the secure transmission of data in within the network.
3) The application is concentrated over the transmission of different type of text documents.
Definition Of Terms
Routing :- It is the process of directing the data unit to any predestined location over the network.
Authentication:- It is the method for checking the legality of any user.
Authorization:- It is the method of checking the access of the user to any particular web service.
Integrity:- This term defines the oneness of any data.
Data-gram:- It is the smallest unit of that is routed in the network.
Namespace:- It is a tag used in XML documentation
Encryption:- It is a method of encoding any data to any other format.
Decryption:- It is the process of retrieving the original data from its encrypted form.
Legitimate:- This term is used to refer any authorized person.
XML:- Extensible Markup Language.
SAML:- Security Assertion Markup Language.
XKMS:- Extensible Key Management system.
XMSF:- Extensible Modeling And Simulation Framework.
XACML:- Extensible Access Control Markup Language.
HTML:- Hyper Text Markup Language.
NRL:- Namespace Routing Language.
XSLT :- Extensible Style-sheet Language Transformation.
http :- Hyper Text Transfer Protocol.
Due to the unpredictable nature of the network creating a security infrastructure for the various purposes of businessmen will not be that much effective. There exist many things to consider and much variety of designs for such an infrastructure. More standards should be generated that can associate themselves with the changing requirements.
Extent Of The Problem
There was a shortage of encryptions method for various data such that the encryption technique can be identified easily by a hit and trial method. Applications that access to large collection of data and use complex modules to retrieve important information from these data blocks are very hard to practice on a daily basis. Various languages prepared by various users are associated with each other’s so as to increase the functionality. Then the later can easily use the module designed by the former just with a little knowledge of XML working engine. So a lot of conflicts can arise. When we pass messages to different destinations, we transfer them on a transfer link. The major security applied to the network is associated with the path but not with the message. So only the path is secured not the message.
Technical Aspects Of XML
The basic needs for web-based business were explored and solved by a variety XML processing rules. The basic property of XML that gives us mode to store data dynamically marked more importance in the business field. The problem of establishing a common communication link among the various organizations those were involved in this network was resolved by creating standards for XML. Many separate standards of XML are associated together to produce highly technologies that are essential for web-services.
Managerial Consideration Of The Study
There were some limitations in our current application , which was there due to the presence of modules in a very disintegrated form. One needs to arrange those modules according to their use. This never led to the formation of a solution package due to the absence of generalized method. It was always a problem in the handling a huge collection data. It was rather really complex to apply various techniques for retrieving data. Moreover searching for any document in that huge chunk was really impossible.
A review of literature suggest that the development and implementation of XML engine with the help of its libraries which comprises of XML vocabularies and processing rules will surely overcome the current system’s drawback.
Relationship Of The Problem To The Literature
In the past times the data transfer was a big job. There was no guarantee of delivery of message , may be any enemy catching possible the mediator or he died in the way. So loss of a human just for delivery of messages was not a good deal . Then use of birds carried on for some time to carry message. Which in turn was not that risky. But there was no surety of performance. So this also not turned out as a good idea. At that time demand of a new kind of messaging technique rose.
The main concentration was kept on security of data. So then arise the techniques of encryption and decryption. Encryption was the process of converting a message to any unintelligible data before delivering the message and decryption was the technique to make the unintelligible to a message which is explaining the actual sense of the message. This all was done with help of secrete keys. The basic fundamentals behind this were the use of the encryption and decryption logic for preparing key. The logic used to decrypt the message is just the reverse logic used to encrypt the message.
The benefit was that even if any third party catches the messenger the threat of loosing the confidentiality of the message was not there. More over if the birds were used for this process there was no threat in sending the key to decrypt the message along with the message. The sender and the receiver have to share the key. But as the development in this field was going on a shortage of keys arises. Similarly in our present world there is always been a shortage of measures for sending messages and creating safe communication links.
In our present digital world we are applying various encryption and decryption techniques by preparing the logic on electronic board with the help of logic gates and there circuits. At present to maintain security of a network is a very big deal a various security implementing application are in search of an efficient solution.
The only way came out was the application of security algorithms over the data.
The sole purpose of the study is to remove the problem in avail security in XML supported systems. The primary goal was to achieve high-level security without reforming the whole communication system. The whole world was waiting for a security system which was having a very high level of security and comprises a vast set of processing rules to overcome all the defects experienced in the last privileged technologies. Expectations were made for the flexible access of any support system. It should not be complex like prior technologies.
Subject Selection And Description
The people all around are indulging themselves into the web-services for their own comfort. But there many such people who have nothing to do with the system still they are trying to get inside it, these are considered as illegitimate users. The whole network is needed to be secured from such kind of users. The security aspects must be certified for any legitimate user so that conflicts will not arise.
The instruments used to measure were merely the demand charts of any security enabling software. Many people their websites daily to found some thing of there use. You can also check the rate list of any website selling security providing appliances. You will see the publicity rate of that site. It would be very high because now every one wants their data to be secured from others.
Data Collection Procedures
Now a day’s the academic libraries are full of books or documents on security
Issues. The knowledge can be acquired by self-study. The basic syntactical information would be required to be collected explicitly. The logic to implement those syntaxes would be developed by my team only. The whole XML library of vocabularies, which is the quantitative data and the documentation regarding the processing rules, which is the qualitative data, would be required.
The data should be analyzed on the factors of various security aspects such as Authentication, Authorization, Integrity and Confidentiality. XML documentation provides the fulfilling of all the security aspects by the various standards such as XML encryption, XML digital signature. XML encryption is use to provide confidentiality and XML digital signatures can be used to provide integrity. For the proper key management between the communication properties XKMS is used. SAML ( Security Assertion Markup Language) is used for making assertions regarding authentication and authorization.
Limitation Of Study
1) The security implementing applications explained here are only for the secure transmission of data within the network.
2) The application is concentrated over the transmission of different type of text documents.
Many different criteria’s were established to transfer data over the network. The encrypting methods were differentiated for different kind of data types various formats were designed to present the input to the encryption algorithm in a systematic manner.
Presentation Of Collected Data
Our main objective is to modify the current security systems implemented through XML without changing the base platform of XML. Also we are trying to upgrade the present processing rules to achieve flexibility in our project.
Predefined functions those were implemented in XML.
Table 2: Collected Data
There are only two types of data that is collected from the XML documentation. The XML vocabularies are the basic terminal approaches that we can make in XML. And modules are the predefined and implemented function built over the processing rules.
All the expected out comes met which indeed is a very big achievement in this present era. Due to these outcomes the future technologies emerging out of XML would be the important modules of the web based business machines. If any of the expected outcomes were not met then we has to develop a new technology which has to be more flexible than XML and producing such an application will lots of human and economic resources.
XML is the most supportive technology today’s web-based business. All the sole purposes of any security implementing application can be completed with XML processing rules. All the criteria’s that a extraordinary software for security should follow are already satisfies by XML. No doubt XML will be the future.
Conclusions And Recommendations
· Currently XML is the most co-operative and flexible technology existing for various kind of web-services.
· XML can be a very good platform for developing more security implementing software’s using the method of cross compilations.
· Any one with basic knowledge of network can implement XML security.
1. Before starting any application project we should always calculate the functionalities to be enabled in it and the we should choose the platform for development accordingly.
2. Before starting the project the basic resources matching to the development platform should be explored for the concept review.
3. We should not waste the time in just searching the suitable platforms , rather we should develop the logic first.
Areas For Further Research
· Researches can be done to combine XML documentation with HTML documentation.
· In future the XML technology should be used for data’s other than text documents.
Holzner et al., Steven (200). Java 2: JDK 5 Edition. 1071-1046.