This article is one of the series of articles translated for ZDNET. The unfavorable aspect of SSL is that it cannot protect documents other than the network it protects. In most affairs, at least three networks are involved: your, internet and your partner. To reduce the problem of protecting XML, W3C has created some specification for digital signing and encryption of XML documents, known as XML Signature and XML Encryption, which help protect XML transactions. The only problem is to find such a tool, let's take a look at some of these tools and check them in protecting XML documents. Apache Security When considering the XML tool, the first thing that enters my mind is apache software findation. Apache is known for its powerful web server, but its XML tool is also very popular. Xalan and Xerces are the basis for Java applications that require XML parsing. In order to extend the success of XML analysis, Apache has established project development SOAP, XSL formatted objects, SVG (Scalable Vector Graphics, scalable vector graphics), and current XML security products. Apache-XML-Security-J Project provides free W3C XML Encryption specifications of Java implementation. IBM XML Security Suite If you are familiar with apache, then you may also know the IBM alphaworks. AlphaWorks is essentially a powerful R & D team that works in the latest and most edge of software technology. The AlphaWorks team has created XML Security Suite, which provides three types of document protection: Authentication, which implements the W3C's XML Signature specification, which allows you to digitally sign the XML document and verify digital signatures. · Data Encryption, which is based on W3C's XML Encryption. · Encryption tool, which allows you to encrypt all or partially or part of the XML document into ciphertext, which will be decrypted as the original XML document. Finally, with the style of IBM typical bluff, the AlphaWorks team adds a certification layer called XML Access Control Language (XML Access Control Language). This technology only allows people to be allowed to access those documents. XML Security LibraryXmlsec Library is another kit that can add security features for your XML application. Unlike Apache and IBM tools, XMLsec Library is a C language programmer (they will be grateful to provide source code). XMLsec Library supports W3C's XML Signature and XML Encryption specifications, and also supports Canonical XML and Exclusive Canonical XML specifications. It is based on libxml and libxslt (two all from XML C Library for GNOME) and OpenSSL, supports several different encryption algorithms, including Triple DES and AES. The XMLSec Library Web site includes documents that can be interped with the three W3C specifications. XMLsec is published in a variety of forms, including source code, CVS, Linux RPM, and WINDOWS binary release.
