ADDING SECURITY INFORMATION IN XML DOCUMENTS

XML\u27s popularity in the last few years has made this mark-up language a de facto standard for the web data interchange. DTD\u27s (or Schemas) definition associated with XML documents introduces data modelling in XML\u27s world, allowing the specification of a hierarchy of concepts or elements that constitute the XML document. Taking into account that the purpose of these data models is the highly structured information exchange among several systems, it is required to incorporate security mechanisms that allow a secure interchange. The World Wide Web Consortium (W3C) is working in the recommendations of several XML security standards. Between them, we emphasize in the XML-Signature Syntax and Processing, which allows the insertion and information processing of authentication and digital signature. Once the XML security standards have been approved as recommendations, the following step will be to include them completely or just certain parts in future or new versions of the DTD\u27s or existing Schemas, but at present many DTD’s exists that do not consider these security components within their definition. This is the case of the NewsML DTD, standard for the press news electronic interchange. The XML security standards are characterized by high flexibility and extensibility, because of that it is necessary to make an exhaustive study of the domain where it is intended to be applied and define a specific application upon the domain DTD or Schema. What we propose in this paper is a way to include information of authentication and digital signature in the NewsML DTD. In order to indicate a possible application, we carry on a joint study of XML-Signature Syntax and Processing and NewsML, analysing in what elements and how authentication and digital signature might be included

Arquitectura y mecanismos para la provisión de servicios de acreditación y sellado espacio-temporal

Esta tesis se centra en unos servicios de seguridad de reciente aparición: los servicios de acreditación y sellado espacio-temporal (SASET). Estos servicios tienen como objetivo generar, recoger, mantener, proporcionar y validar evidencias digitales acerca de las condiciones espacio-temporales de una entidad o un documento. Dichas evidencias deben permitir que, con posterioridad, terceras entidades se convenzan de las condiciones espacio-temporales que se acreditan en ellas. Según esta definición, los SASET se enmarcan dentro del conjunto de servicios de seguridad denominados como servicios de confianza, que son aquellos servicios que tienen como objetivo establecer y gestionar la confianza en diversas actividades llevadas a cabo utilizando comunicaciones electrónicas en redes abiertas (e.g., actividades comerciales, administrativas, financieras, legales, etc.).The focus of this thesis is a new kind of security services that have recently been proposed. These services are known as spatial-temporal attestation services (STAS). Their goal is to generate, collect, store, provide and validate digital evidences about the spatial temporal conditions of an entity or a document. These evidences should allow to convince third parties about the spatial-temporal conditions they attest. According to this definition, the STAS can be considered trust services, whose goal is to establish and manage trust in different activities that take place using electronic communications in open networks (e.g., business, financial, legal, commercial, administrative, etc.)