Why Is XML Special?

XML, Web Services, and the Data Revolution
By Frank P. Coyle
Chapter 7. XML Security


HTTPS is not sufficient.

XML's use in Internet e-commerce applications demands the essential ingredients of all electronic security systems: confidentiality, authentication, and data integrity. While public-key cryptography provides techniques for meeting all three requirements, there are issues peculiar to XML and SOAP that require approaches that go beyond the basic capabilities provided by existing and widely accepted transport-layer security mechanisms, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). The problem is that solutions such as SSL and TLS address only part of the requirements for confidentiality, authentication, and data integrity when an XML-SOAP combination is in use. The following sections describe several scenarios in which the security provided by the various transport-layer mechanisms may not be sufficient.

XML Document Security Issues

XML requires special treatment when encrypting or signing.

The rules of XML allow for some special scenarios that make it difficult to simply encrypt or digitally sign XML, such as the following:

  • Missing attributes declared to have default values are provided to the application as if present with the default value.

  • Character references are replaced with the corresponding character.

  • Entity references are replaced with the corresponding declared entity.

  • Attribute values are normalized by replacing character and entity references.

  • Attribute values are also normalized, unless the attribute is declared to be an XML CDATA type (see Appendix A for more on CDATA). When normalized, all leading and trailing spaces are stripped, and all interior runs of spaces are replaced with a single space.

SOAP Security Issues

SOAP messaging raises new issues concerning digitally signing XML.

Just as XML processing brings up special issues related to digitally signing XML documents, SOAP, the common transport protocol for XML, also raises some issues:

  • SOAP security must illustrate how data can flow through an application and network topology to meet the requirements set by the policies of the business without exposing the data to undue risk.

  • SOAP security must not mandate specific technology or infrastructure, but must provide for portability, flexibility, interoperability, and heterogeneity.

XML white space may change while XML content remains the same.

Digital signatures only work if the hash computed at verification is calculated over exactly the same bits that were hashed at signing. Since noncontent white space can be added to an XML document without changing its meaning, some way to standardize a document must be used before signing and verification. For example, in ASCII text there are three commonly used line endings; we need to permit a signed text to be modified from one line-ending convention to another between the time of signing and signature verification and still be treated as the same document for verification purposes. The solution is to convert the document to some standard canonical form before signing so that surface changes in the document will not break the signature.
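The following Python sketch is an added illustration, not code from the book. It uses the standard library's `xml.etree.ElementTree.canonicalize` (Canonical XML 2.0) to show two serializations of the same document hashing differently as raw bytes but identically in canonical form, while a real content change is still detected. The sample documents, the demo key, and the HMAC standing in for a public-key signature are assumptions constructed for the example.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed sample: one order serialized two ways. DOC_B differs only in
# surface form: attribute order, quote style, CRLF line endings, extra white
# space inside the start tag, character references, and <note></note>.
DOC_A = (
    '<order id="42" currency="USD">\n'
    '  <item sku="A-1">Widget &amp; Co</item>\n'
    '  <note/>\n'
    '</order>'
)
DOC_B = (
    "<order   currency='USD'\r\n        id='42'>\r\n"
    "  <item sku='&#65;-1'>Widget &#38; Co</item>\r\n"
    "  <note></note>\r\n"
    "</order>"
)
DOC_TAMPERED = DOC_B.replace("id='42'", "id='43'")  # a real content change

DEMO_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a signature


def raw_digest(xml_text):
    """Hash the bytes exactly as serialized (what a naive signer would do)."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_digest(xml_text):
    """Parse the document, re-serialize it in canonical form, then hash."""
    canon = canonicalize(xml_text)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def sign(xml_text):
    """Tag the canonical digest; a real system would use a private key here."""
    digest = canonical_digest(xml_text).encode("ascii")
    return hmac.new(DEMO_KEY, digest, hashlib.sha256).hexdigest()


def verify(xml_text, tag):
    """Recompute the tag over the canonical form and compare in constant time."""
    return hmac.compare_digest(sign(xml_text), tag)


if __name__ == "__main__":
    tag = sign(DOC_A)
    print("raw digests equal:      ", raw_digest(DOC_A) == raw_digest(DOC_B))
    print("reserialized verifies:  ", verify(DOC_B, tag))
    print("tampered copy verifies: ", verify(DOC_TAMPERED, tag))
```
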




XML, Web Services, and the Data Revolution
ISBN: 0201776413
EAN: 2147483647
Year: 2002
Pages: 106
Authors: Frank Coyle
