XML is expected to facilitate Internet B2B messaging because of its simplicity and flexibility. One big concern that customers may have about Internet B2B messaging is security. The Internet is a public network, and there has been no protection against attacks such as eavesdropping and forgery. If messages are stolen or modified during transmission, B2B messaging will be almost useless. Fortunately, the recent advancement of public-key cryptography has remedied most of the security problems in communication. With modern cryptographic protocols such as SSL, the Internet has become as secure as any other network, including VANs and intranets.
Our XML Security Suite will push security further by introducing new features such as digital signatures, element-wise encryption, and access control that are beyond the capability of transport-level security protocols such as SSL. Our goal is to contribute to the discussions of standards bodies by providing sample implementations, as well as to supply our advanced technologies to our partners and to hear what they think. In this release of XML Security Suite, we provide reference implementations of DOMHASH, a proposed canonicalized digest value for XML documents, and its two sample applications. DOMHASH can be a basis for the XML digital signature that is being discussed in both IETF and W3C.
- What is in this release?
In this release, there are three technologies.
- Reference implementations of DOMHash, for both the pure DOM API and the pure SAX API.
- Sample digital signature implementation based on Richard Brown's Internet Draft (draft-brown-xml-dsig-00.txt).
- DOMHash Test Tool for testing your DOM or SAX implementation.
- I am outside the US. Can I run the digital signature sample without strong encryption that is export controlled?
The sample program uses the JDK's default cryptography provider, which includes the Digital Signature Algorithm (DSA). Since DSA can only be used for digital signatures, not for encryption (which is not the case for RSA), it is not subject to the export regulation. You can use a key of whatever length you like.
- Do I need IBM's XML for Java parser to run DOMHash?
No. These DOMHash implementations are based solely on the DOM and SAX APIs. Any compliant XML processor can be used to run these reference implementations.
For the digital signature sample, you need XML for Java version 2.
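As an added illustration (not code from the XML Security Suite), the Java sketch below shows why a digest computed over the DOM, rather than over raw bytes, is a useful basis for signing: a document re-serialized with a different attribute order still verifies, while a changed value does not. It uses only the DOM API and the JDK's default DSA provider; the digest is a simplified stand-in and not the DOMHash algorithm, and the class name, sample documents, SHA-256 and the 2048-bit key size are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class DomDigestDemo { // hypothetical class name
    static void put(MessageDigest md, String s) { // length-prefixed so fields cannot run together
        byte[] b = s.getBytes(StandardCharsets.UTF_8);
        md.update(java.nio.ByteBuffer.allocate(4).putInt(b.length).array());
        md.update(b);
    }
    // Simplified structural digest (NOT DOMHash): type, name, name-sorted attributes, children.
    static byte[] digest(Node n) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update((byte) n.getNodeType());
        if (n.getNodeType() != Node.ELEMENT_NODE) { put(md, n.getNodeValue()); return md.digest(); }
        put(md, n.getNodeName());
        Map<String, String> attrs = new TreeMap<>();
        NamedNodeMap m = n.getAttributes();
        for (int i = 0; i < m.getLength(); i++) attrs.put(m.item(i).getNodeName(), m.item(i).getNodeValue());
        for (Map.Entry<String, String> e : attrs.entrySet()) { put(md, e.getKey()); put(md, e.getValue()); }
        for (Node c = n.getFirstChild(); c != null; c = c.getNextSibling()) md.update(digest(c));
        return md.digest();
    }
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs
        byte[] in = xml.getBytes(StandardCharsets.UTF_8);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(in)).getDocumentElement();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample documents: original, same content re-serialized, and a modified total.
        String signed = "<order id=\"42\" currency=\"USD\"><total>100</total></order>";
        String reordered = "<order currency='USD' id='42'><total>100</total></order>";
        String tampered = "<order id=\"42\" currency=\"USD\"><total>900</total></order>";
        KeyPairGenerator g = KeyPairGenerator.getInstance("DSA"); // JDK default provider
        g.initialize(2048); // key size is an assumption
        KeyPair kp = g.generateKeyPair();
        Signature s = Signature.getInstance("SHA256withDSA");
        s.initSign(kp.getPrivate());
        s.update(digest(parse(signed)));
        byte[] sig = s.sign();
        for (String doc : new String[] {signed, reordered, tampered}) {
            s.initVerify(kp.getPublic());
            s.update(digest(parse(doc)));
            System.out.println(s.verify(sig) + "  " + doc);
        }
    }
}
```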
- DOMHash and XML digital signature are not yet standards, are they?
No, not yet. The standards activities have just begun, in both IETF and W3C. One of the objectives of this release is to stimulate the discussion in these groups. The latest DOMHash specification is available from IETF's web site and is also included in this package.
- What are other technologies coming out as part of XML Security Suite?
We are planning to release several things, including encryption and access control. So stay tuned! We would also very much like to hear your requirements and suggestions. Please contact one of us. Thanks!
XML Security Suite Platform Requirements
- Platform: Win 95/98/NT, Linux
- Java Tools: JDK 1.1 or JDK 1.2
- Additional Java Packages: XML Parser for Java
XML Security Suite Installation Procedures
- Add xss4j.jar to the CLASSPATH environment variable.
  - Windows 95/98:
    set CLASSPATH=E:\xss4j\xss4j.jar;....
  - UNIX (csh/tcsh):
    setenv CLASSPATH /usr/local/xss4j/xss4j.jar:....
  - UNIX (sh/ksh/bash/zsh):
    CLASSPATH=/usr/local/xss4j/xss4j.jar:....; export CLASSPATH
If you use JDK 1.2, you may copy xss4j.jar to JRE's extension directory, jre/lib/ext/. If you installed JDK 1.2 to E:\jdk1.2, the extension directory is E:\jdk1.2\jre\lib\ext\. In this case, you need not set CLASSPATH.
Applications in this package require an XML parser such as XML4J. You have to add the XML parser's .jar files to CLASSPATH or to the JRE's extension directory.
- Follow additional installation verification instructions in the README.html file.