XML security - A comparative literature review

Authors:
Andreas Ekelhart;Stefan Fenz;Gernot Goluch;Markus Steinkellner;Edgar Weippl
Affiliations:
Secure Business Austria, Vienna, Austria;Secure Business Austria, Vienna, Austria;Secure Business Austria, Vienna, Austria;Information and Software Engineering Group, Vienna University of Technology, Austria;Information and Software Engineering Group, Vienna University of Technology, Austria
Venue:
Journal of Systems and Software
Year:
2008

Citing 34
Cited 4

Broker-Based Secure Negotiation of Intellectual Property Rights

ISC '01 Proceedings of the 4th International Conference on Information Security
XML pool encryption

Proceedings of the 2002 ACM workshop on XML security
A stream-based implementation of XML encryption

Proceedings of the 2002 ACM workshop on XML security
Authenticating distributed data using Web services and XML signatures

Proceedings of the 2002 ACM workshop on XML security
Content extraction signatures using XML digital signatures and custom transforms on-demand

WWW '03 Proceedings of the 12th international conference on World Wide Web
XML Digital Signature System Independent of Existing Applications

SAINT-W '02 Proceedings of the 2002 Symposium on Applications and the Internet (SAINT) Workshops
Bulletproof business process automation: securing XML forms with document subset signatures

Proceedings of the 2003 ACM workshop on XML security
Certificate validation service using XKMS for computational grid

Proceedings of the 2003 ACM workshop on XML security
Trusted Exam Marks System at IUG Using XML-Signature

CIT '04 Proceedings of the The Fourth International Conference on Computer and Information Technology
Performance Comparison of Security Mechanisms for Grid Services

GRID '04 Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing
A Hierarchical Extraction Policy for content extraction signatures: Selectively handling verifiable digital content

International Journal on Digital Libraries
Developing Secure Transcoding Intermediary for SVG Medical Images within Peer-to-Peer Ubiquitous Environment

CNSR '05 Proceedings of the 3rd Annual Communication Networks and Services Research Conference
Bundle Authentication and Authorization Using XML Security in the OSGi Service Platform

Proceedings of the Fourth Annual ACIS International Conference on Computer and Information Science
Secure knowledge management and the semantic web

Communications of the ACM - The semantic e-business vision
XML signature element wrapping attacks and countermeasures

Proceedings of the 2005 workshop on Secure web services
A Quick XML Parser for Extracting Signatures of Secure Web Services

CIT '05 Proceedings of the The Fifth International Conference on Computer and Information Technology
Hands-on, simulated, and remote laboratories: A comparative literature review

ACM Computing Surveys (CSUR)
XML undeniable signatures

CIMCA '05 Proceedings of the International Conference on Computational Intelligence for Modelling, Control and Automation and International Conference on Intelligent Agents, Web Technologies and Internet Commerce Vol-1 (CIMCA-IAWTIC'06) - Volume 01
Security on MASs with XML Security Specifications

DEXA '06 Proceedings of the 17th International Conference on Database and Expert Systems Applications
Enhancing privacy of federated identity management protocols: anonymous credentials in WS-security

Proceedings of the 5th ACM workshop on Privacy in electronic society
The design and implementation of an application program interface for securing XML documents

Journal of Systems and Software
A streaming validation model for SOAP digital signature

HPDC '05 Proceedings of the High Performance Distributed Computing, 2005. HPDC-14. Proceedings. 14th IEEE International Symposium
Evaluation of certificate validation mechanisms

Computer Communications
On partial encryption of RDF-Graphs

ISWC'05 Proceedings of the 4th international conference on The Semantic Web
Trustworthy verification and visualisation of multiple XML-signatures

CMS'05 Proceedings of the 9th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Implementation of streamlining PKI system for web services

ICCSA'05 Proceedings of the 2005 international conference on Computational Science and its Applications - Volume Part I
XML security in the next generation optical disc context

SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
VO authentication framework in grid environment using digital signature

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part II
XML-signcryption based LBS security protocol acceleration methods in mobile distributed computing

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part V
A two-phase local server security model based on XML certificate

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part V
XML security model for secure information exchange in e-commerce

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part IV
An efficient approach to support querying secure outsourced XML information

CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
XKMS-Based key management for open LBS in web services environment

AWIC'05 Proceedings of the Third international conference on Advances in Web Intelligence
XKMS working group interoperability status report

EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure

Development of a mobile airline reservation and payment system

International Journal of Electronic Finance
A novel client-based approach for signing and checking web forms by using XML against DoS attacks

Proceedings of the 12th International Conference on Information Integration and Web-based Applications & Services
A practical application of our MDD approach for modeling secure XML data warehouses

Decision Support Systems
XML privacy protection model based on cloud storage

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

Since the turn of the millenium, working groups of the W3C have been concentrating on the development of XML-based security standards, which are paraphrased as XML security. XML security consists of three recommendations: XML (digital) signature, XML encryption and XML key management specification (XKMS), all of them published by the W3C. By means of a review of the available literature the authors draw several conclusions about the status quo of XML security. Furthermore, the current state and focuses of research as well as the existing challenges are derived. Trends to different application areas - e.g. use of XML security for mobile computing - are also outlined. Based on this information the analyzed results are discussed and a future outlook is predicted.