C# code, validating XML Signature in (example), 80–81
CA (Certificate Authority) and public key infrastructure, 29–31. See also keys
canonicalization, 69–70
exclusive canonicalization, 70
namespace problems with, 70
and PKCS#7, 70
and XML processing, 69–70
<CanonicalizationMethod>, 240
case studies
foreign exchange transactions, 287–290
local government service portal, 286–287
XML gateway rollout. See XML gateway rollout (case study)
categoryBag, 230
CBC (Cipher Block Chaining), 90
certificates. See also PKI (Public Key Infrastructure)
Kohnfelder proposal for, 138
PKI management of, 139
CheckSignature, 80
CipherValue/CipherReference, 89
circle of trust, 205
C14N (canonicalization). See canonicalization
ComputeSignature, 80
<Conditions>, 107
confidentiality. See also encryption; security
in ebXML, 254, 256
persistent confidentiality, 53
use of SSL for, 38
in XACML, 135
contracts/contract law. See also SAML (Security Assertion Markup Language)
“accept” button, caveats about, 280
acceptance, 262
agreements: what was agreed?, 266–267
agreements: when was it agreed?, 268
agreements: who agreed to it?, 268–269
audit trails, trustworthy, 269–270
authenticating acts, 275–276
biometrics, 34, 278–279
casual queries, 280
checklist, 282–283
consideration, 262
contacts, 229
contracts, legal components of, 261–262
data protection laws, EU and U.S., 270
digital certificates, corroborative, 273, 274
digital certificates, disposable, 274
digital certificates, stand-alone, 273, 274
digital signatures: dispelling the myths, 264–266
digital signatures, hierarchy of, 273–274
digital signatures: legally neutral vs. secured, 272–273
digital signatures, timestamps on, 268
digital signatures vs. digitized electronic signatures, 264
digital signing and key-pair system, 262–264
GUI disability laws, 280
intention to create legal relations, 262
international laws, note on, 272
legal components, a primer of, 261–262
legal security is holistic, 280
litigation planning, 280
“nonce” in messages, 268
offer, 262
online contracting and online security, 261
quaint early legal requirements, 265
SAML, value of, 278
SAML as messenger, not guarantor, 276–277
SAML assertions, securing, 277
SAML assertions and liability, 277
SAML assertions and profiles, 274–275
security, 260–261, 281–282
shared cultural assumptions, importance of, 280–281
“signature,” legal interpretations of, 265
SSL, contractual effect/security of, 278
transport level security vs. full end-to-end security, 266–267
unwanted contracts, 280
Web Services: legally relevant technical trends, 270–271
Web Services architecture, evidential credibility of, 271–272
cookies, Passport, 189–190
MSP Auth cookies, 188
user ID value, 191
CORBA (Common Object Request Broker Architecture), and firewalls, 5