14.1 XML


One of the appeals of XML is its structured semantics and schema-driven nature, which allows creating an abstraction from computer-based security terms to more human-readable policy terms. This feature is especially useful when XML is used to make access-control decisions. More important, perhaps, is the belief that in the near future, XML will enable software computer agents to parse information and make risk-based judgments about interactions without human intervention.

When security is defined in platform-specific security terms, there is a higher risk of establishing policies that do not reflect the cross-platform trust needs of the business. With XML, organizations can define policies and express them as XML documents. Sections of these XML documents can be encrypted, and all or parts of the documents themselves can be digitally signed by one or more entities and then interpreted by the recipients using local security mechanisms. Various implementations can map from the XML description to a local platform-specific policy-enforcement mechanism without requiring changes to the infrastructure.

Issues such as single sign-on have been plaguing the computer security industry for years (see Section 4.5.2 on page 123). The problem arises because each system builds its own mechanism for identifying users or principals. Humans are often the weakest link in any security model, and the burden of maintaining multiple identities has caused users to find creative ways of subverting the security mechanisms set up to protect them. Consider a digitally signed XML token that asserts the identity of a user and the type of authentication that the user has performed, and that has been verified by a trusted authority. Such a token allows building platform-independent models whereby a user authenticates once, and the proof of that authentication can then be asserted to others who share the same administrative domain. If these assertions are part of a larger trust model, decisions about the named user can be made without revealing keys or requiring the same security implementation on every platform.

Another area in which XML offers consistent value is the Trading Partner Agreement (TPA). The electronic data interchange (EDI) [3] community has struggled with how to express the agreements between trading partners and has been held back by the complexity of configurations. The work on the Security Assertion Markup Language (SAML) within the Organization for the Advancement of Structured Information Standards (OASIS) [4] has set the standard for exchanging authentication and authorization information between domains. Also driven by OASIS is the eXtensible Access Control Markup Language (XACML), a security standard that allows developers to write and enforce information-access rules.

[3] EDI is a set of protocols for conducting highly structured interorganization exchanges, such as for making purchases or initiating loan requests.

[4] See http://www.oasis-open.org.



Enterprise Java Security. Building Secure J2EE Applications
ISBN: 0321118898
EAN: 2147483647
Year: 2004
Pages: 164
