Feature

XML Security Learning Guide

Securing XML is an essential element in keeping Web services secure. This SearchSecurity.com Learning Guide is a compilation of resources that review different types of XML security standards and approaches for keeping your XML Web services secure.

Published: 11 Jul 2006

Securing XML is an essential element in keeping Web services secure. Created in partnership with our sister site, SearchWebServices.com, this SearchSecurity.com Learning Guide is a compilation of resources that review different types of XML security standards and approaches for keeping your XML Web services secure. Send me an e-mail to let me know what other learning guides you'd like to see on SearchSecurity.com. Jenny Wiseman, Associate Editor

TABLE OF CONTENTS

   XML Security Key Terms and Definitions
   Introduction to XML Security
   OASIS
   WS-Security
   SAML
   XML Signatures & Encryption
   XML Firewalls
   More Security Learning Resources
   Free Security IT Downloads

XML Security Key Terms and Definitions

Return to Table of Contents

Security Assertion Markup Language (SAML) (SearchSecurity.com Glossary)
Authentication (SearchSecurity.com Glossary)
Authorization (SearchSecurity.com Glossary)
Digital signature (SearchSecurity.com Glossary)
SOAP (Simple Object Access Protocol)(SearchWebservices.com Glossary)
Algorithm (SearchSecurity.com Glossary)
Extensible Access Control Markup Language (XACML) (SearchSecurity.com Glossary)
Organization for the Advancement of Structured Information Standards (OASIS) (SearchWebservices.com Glossary)
Encryption (SearchSecurity.com Glossary)
WS-Security (SearchWebservices.com Glossary)
Firewall (SearchSecurity.com Glossary)
Single signon (SearchSecurity.com Glossary)
Public key infrastructure (PKI) (SearchSecurity.com Glossary)

Introduction to XML Security

Return to Table of Contents

Article: XML complexity introduces security risks (SearchSecurity.com)
Article: Web services require new approach to security (SearchSecurity.com)
Article: Sorting out the Web services security landscape (SearchSecurity.com)
Conference presentation: How to Overcome Web Services Security Obstacles (Information Security Decisions 2005)
Quiz: Infosec Know IT All Trivia: Securing Web services (SearchSecurity.com)
Advice: Confused about differences in Web services security technology (SearchSecurity.com)
Webcast: Web Services Security School, Lesson 1: Why Web services need security and trust (SearchWebServices.com)

OASIS

Return to Table of Contents

Article: Web services security specs hit the standards track (SearchWebServices.com)
Article: OASIS advances security standards (SearchSecurity.com)
Article: OASIS ratifies core security spec (SearchSecurity.com)
Article: Latest Web services spec tackles application flaws (SearchSecurity.com)
Advice: National standards, security bodies release security checklists spec (SearchWebServices.com)
Advice: How will the battle between W3C and OASIS affect Web service security standards? (SearchSecurity.com)
Article: Study shows companies still lukewarm (for now) on Web services (SearchSecurity.com)

WS-Security

Return to Table of Contents

Fast facts: WS-Security (SearchWebServices.com)
Q&A: Standards expert: WS-Security changing Web services landscape (SearchSecurity.com)
Article: WS-Security celebrates anniversary as a standard (SearchSecurity.com)
Article: Implementing WS-Security (SearchWebServices.com)
Advice: What security concerns does WS-Security address? (SearchSecurity.com)
Advice: Are there other projects for Web services security in the works beside WS-Security? (SearchSecurity.com)
Advice: How will WS-Security impact Web services deployments? (SearchWebServices.com)
Advice: A few questions regarding XML security (SearchWebServices.com)

SAML

Return to Table of Contents

Article: RSA 2006: Hunger grows for federated ID (SearchSecurity.com)
Article: Eight vendors pass SAML 2.0 sniff test (SearchSecurity.com)
Article: Liberty Alliance begins SAML 2.0 testing in July (SearchSecurity.com)
Article: Young SAML must conquer business pressures (SearchSecurity.com)
Article: SAML 2.0 unifies support for federation (SearchWebServices.com)
Article: SAML ratification enables vendor interoperability (SearchSecurity.com)
Article: Federal agency demonstrates SAML interoperability (SearchWebServices.com)
Advice: Limiting the risk and liability of federated identities (SearchSecurity.com)
Advice: How SAML works (SearchWebServices.com)
Advice: Are SAML and WS-Security competitive specifications for Web services security? (SearchSecurity.com)
Webcast: Leveraging the power of SAML (SearchSecurity.com)
Webcast: Web Services Security School, Lesson 4: SAML (SearchWebServices.com)

XML Signatures & Encryption

Return to Table of Contents

Article: Securing Web services requires out-of-box thinking (SearchSecurity.com)
Article: Web services pose identity management challenges (SearchWebServices.com)
Q&A: The pros and cons of securing Web services with SSL (SearchSecurity)
Article: Report recommends standalone XML security appliances (SearchWebServices.com)
How-to guide: Supporting digital signatures within SOAP messages (SearchWebServices.com)
Advice: Determining from WSDL if a Web service supports XML signature (SearchSecurity.com)
Advice: Confused about differences in Web services security technology (SearchSecurity.com)
Advice: Support for XML signature/encryption (SearchWebServices.com)
Advice: What implementation(s) of XML encryption and XML signature would you recommend? (SearchWebServices.com)
Webcast: Web Services Security School, Lesson 3: XML Signature and XML Encryption for Web services (SearchWebServices.com)

XML Firewalls

Return to Table of Contents

Article: Web application firewalls create breathing room (SearchSecurity.com)
Article: Rockwell Collins taps XML security appliance for services foundation (SearchWebServices.com)
Article: XML viruses threaten Web services security (SearchSecurity.com)
Article: XML firewalls dig deeper than traditional firewalls (SearchSecurity.com)
Article: Web application, XML firewalls converge in one appliance (SearchWebServices.com)
Article: Web services security vendors focus on access control, XML firewalls (SearchSecurity.com)
Article: New XML firewall keeps watch on Web services (SearchWebServices.com)
Article: Various flavors of firewalls are evolving (SearchSecurity.com)
Article: XML firewall integrates crypto hardware (SearchSecurity.com)
Article: Westbridge exec: When XML is a factor, standard firewalls don't cut it (SearchSecurity.com)
Advice: XML-based attacks and how to guard against them (SearchSecurity.com)
Advice: Securing Web services: A job for the XML firewall (SearchSecurity.com)
Featured Topic: XML firewalls (SearchWebServices.com)

More Security Learning Resources

	SECURITY SCHOOL		LEARNING GUIDES		CHECKLISTS		GLOSSARY		ASK THE EXPERTS

XML Security Learning Guide

Securing XML is an essential element in keeping Web services secure. This SearchSecurity.com Learning Guide is a compilation of resources that review different types of XML security standards and approaches for keeping your XML Web services secure.

Read more on Web software

Security School: Distributed denial-of-service attack defense

Next-generation firewalls: Quiz on must-have NGFW features

Quiz: Using SIEM technology to improve security management processes

Quiz: Targeted attacks