XML Security Learning Guide

TABLE OF CONTENTS

   XML Security Key Terms and Definitions
   Introduction to XML Security
   OASIS
   WS-Security
   SAML
   XML Signatures & Encryption
   XML Firewalls
   More Security Learning Resources
   Free Security IT Downloads

XML Security Key Terms and Definitions

Return to Table of Contents

• Security Assertion Markup Language (SAML) (SearchSecurity.com Glossary)
• Authentication (SearchSecurity.com Glossary)
• Authorization (SearchSecurity.com Glossary)
• Digital signature (SearchSecurity.com Glossary)
• SOAP (Simple Object Access Protocol)(SearchWebservices.com Glossary)
• Algorithm (SearchSecurity.com Glossary)
• Extensible Access Control Markup Language (XACML) (SearchSecurity.com Glossary)
• Organization for the Advancement of Structured Information Standards (OASIS) (SearchWebservices.com Glossary)
• Encryption (SearchSecurity.com Glossary)
• WS-Security (SearchWebservices.com Glossary)
• Firewall (SearchSecurity.com Glossary)
• Single signon (SearchSecurity.com Glossary)
• Public key infrastructure (PKI) (SearchSecurity.com Glossary)

Introduction to XML Security

Return to Table of Contents

• Article: XML complexity introduces security risks (SearchSecurity.com)
• Article: Web services require new approach to security (SearchSecurity.com)
• Article: Sorting out the Web services security landscape (SearchSecurity.com)
• Conference presentation: How to Overcome Web Services Security Obstacles (Information Security Decisions 2005)
• Quiz: Infosec Know IT All Trivia: Securing Web services (SearchSecurity.com)
• Advice: Confused about differences in Web services security technology (SearchSecurity.com)
• Webcast: Web Services Security School, Lesson 1: Why Web services need security and trust (SearchWebServices.com)

OASIS

Return to Table of Contents

• Article: Web services security specs hit the standards track (SearchWebServices.com)
• Article: OASIS advances security standards (SearchSecurity.com)
• Article: OASIS ratifies core security spec (SearchSecurity.com)
• Article: Latest Web services spec tackles application flaws (SearchSecurity.com)
• Advice: National standards, security bodies release security checklists spec (SearchWebServices.com)
• Advice: How will the battle between W3C and OASIS affect Web service security standards? (SearchSecurity.com)
• Article: Study shows companies still lukewarm (for now) on Web services (SearchSecurity.com)

WS-Security

Return to Table of Contents

• Fast facts: WS-Security (SearchWebServices.com)
• Q&A: Standards expert: WS-Security changing Web services landscape (SearchSecurity.com)
• Article: WS-Security celebrates anniversary as a standard (SearchSecurity.com)
• Article: Implementing WS-Security (SearchWebServices.com)
• Advice: What security concerns does WS-Security address? (SearchSecurity.com)
• Advice: Are there other projects for Web services security in the works beside WS-Security? (SearchSecurity.com)
• Advice: How will WS-Security impact Web services deployments? (SearchWebServices.com)
• Advice: A few questions regarding XML security (SearchWebServices.com)

SAML	Return to Table of Contents

• Article: RSA 2006: Hunger grows for federated ID (SearchSecurity.com)
• Article: Eight vendors pass SAML 2.0 sniff test (SearchSecurity.com)
• Article: Liberty Alliance begins SAML 2.0 testing in July (SearchSecurity.com)
• Article: Young SAML must conquer business pressures (SearchSecurity.com)
• Article: SAML 2.0 unifies support for federation (SearchWebServices.com)
• Article: SAML ratification enables vendor interoperability (SearchSecurity.com)
• Article: Federal agency demonstrates SAML interoperability (SearchWebServices.com)
• Advice: Limiting the risk and liability of federated identities (SearchSecurity.com)
• Advice: How SAML works (SearchWebServices.com)
• Advice: Are SAML and WS-Security competitive specifications for Web services security? (SearchSecurity.com)
• Webcast: Leveraging the power of SAML (SearchSecurity.com)
• Webcast: Web Services Security School, Lesson 4: SAML (SearchWebServices.com)

XML Signatures & Encryption

Return to Table of Contents

• Article: Securing Web services requires out-of-box thinking (SearchSecurity.com)
• Article: Web services pose identity management challenges (SearchWebServices.com)
• Q&A: The pros and cons of securing Web services with SSL (SearchSecurity)
• Article: Report recommends standalone XML security appliances (SearchWebServices.com)
• How-to guide: Supporting digital signatures within SOAP messages (SearchWebServices.com)
• Advice: Determining from WSDL if a Web service supports XML signature (SearchSecurity.com)
• Advice: Confused about differences in Web services security technology (SearchSecurity.com)
• Advice: Support for XML signature/encryption (SearchWebServices.com)
• Advice: What implementation(s) of XML encryption and XML signature would you recommend? (SearchWebServices.com)
• Webcast: Web Services Security School, Lesson 3: XML Signature and XML Encryption for Web services (SearchWebServices.com)

XML Firewalls

Return to Table of Contents

• Article: Web application firewalls create breathing room (SearchSecurity.com)
• Article: Rockwell Collins taps XML security appliance for services foundation (SearchWebServices.com)
• Article: XML viruses threaten Web services security (SearchSecurity.com)
• Article: XML firewalls dig deeper than traditional firewalls (SearchSecurity.com)
• Article: Web application, XML firewalls converge in one appliance (SearchWebServices.com)
• Article: Web services security vendors focus on access control, XML firewalls (SearchSecurity.com)
• Article: New XML firewall keeps watch on Web services (SearchWebServices.com)
• Article: Various flavors of firewalls are evolving (SearchSecurity.com)
• Article: XML firewall integrates crypto hardware (SearchSecurity.com)
• Article: Westbridge exec: When XML is a factor, standard firewalls don't cut it (SearchSecurity.com)
• Advice: XML-based attacks and how to guard against them (SearchSecurity.com)
• Advice: Securing Web services: A job for the XML firewall (SearchSecurity.com)
• Featured Topic: XML firewalls (SearchWebServices.com)

More Security Learning Resources

	SECURITY SCHOOL		LEARNING GUIDES		CHECKLISTS		GLOSSARY		ASK THE EXPERTS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Authentication and Authorization Economic downturn raises risk of security breaches, insider fraud Brits accept biometrics to prevent rise in identity theft Setting up a remote access security policy Integrating biometric authentication with Active Directory Single sign-on implementation lets South Manchester doctors work more effectively Identity management still eludes most companies Smart card overcomes static PIN Understanding multifactor authentication features in IAM suites Bank security chief explains how to avoid internal threats Malware infections down 60% at UK firms Web Application Security Future security threats: Enterprise attacks of 2009 How to prevent clickjacking attacks with security policy, not technology Finjan offers free audits for crimeware sufferers Finance sector poor at achieving outsourcing success How to prevent SQL Server and Internet Explorer hack attacks Web browser exploits explained Sophos adds browser and virtualisation blocking features Web advertising exploits: Protecting Web browsers and servers Hacker toolkit targets Microsoft Access zero-day Hackers and phishers see charities as "soft targets"

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Chip and PIN  (SearchSecurityUK.com) UK Identity Cards Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary