Developing a Framework to Implement Public Key Infrastructure Enabled Security in XML Documents

This paper concentrates on proposing a framework to implement the PKI enables security in XML documents, by defining a common framework and processing rules that can be shared across applications using common tools, avoiding the need for extensive customization of applications to add security. The Framework reuses the concepts, algorithms and core technologies of legacy security systems while introducing changes necessary to support extensible integration with XML. This allows interoperability with a wide range of existing infrastructures and across deployments. Currently no strict security models and mechanisms are available that can provide specification and enforcement of security policies for XML documents. Such models are crucial in order to facilitate a secure dissemination of XML documents, containing information of different sensitivity levels, among (possibly large) user communities

A Missing Piece of RSS Technology

In the Information Age, people use RSS (Really Simple Syndication) Technology to help them to easily get the latest contents from websites by accessing only a single website as well as by using mobile devices. Several companies have started to use RSS for distributing their information to customers. However, most contents published via RSS technology are public and not confidential such as credit card information, financial business information etc. Since the RSS technology does not have a mechanism to ensure that the incoming information is really secure, in this paper we have proposed a Secure Information Notifying System with RSS Technology (SInfoNS). We have applied the RSS technology together with the cryptography to make any RSS document become secure before disseminating it to relevant users. The SInfoNS also uses XSL to apply to private information retrieval and XML schema and SchemaPath definitions have been created for validation. The results displayed on a user's mobile device provide users with the latest information. The results of this study confirm that our system will aggregate RSS documents and disseminate information to each user. The SInfoNS enables RSS technology for the use of private information that can be securely distributed.Cryptography, Really Simple Syndication, RSS, XML Schema, XSL

E-commerce Systems and E-shop Web Sites Security

Fruitfulnes of contemporary companies rests on new business model development, elimination of communication obstacles, simplification of industrial processes, possibilities of responding in real-time and above all meeting the floating custom needs. Quite a number of company activities and transactions are realized within the framework of e-business. Business transactions are supported by e-commerce systems. One of the e-commerce system part is web interface (web sites). Present trend is putting the accent on security. E-commerce system security and web sites security is the most overlooked aspect of securing data. E-commerce system security depends on technologies and its correct exploitation and proceedings. If we want e-commerce system and e-shops web sites with all services to be safety, it is necessary to know all possible risks, use up to date technologies, follow conventions of web sites development and have good security management system. The article deals with definition and description of risk areas refer to e-commerce systems and e-shop web sites and show fundamental principles of e-commerce systems and e-shop web sites security.E-commerce system, e-shop web sites, security, security proceedings, web technologies

Survey on XML encryption

Every transaction on the Internet involves some kind of data. Data can be transferred in various modes. Now a days, XML is widely used for transferring and storing the data. There must be some mechanism to protect these data. In most of the literature, two most important techniques i.e. XML Signature and XML Encryption are used for securing these XML data. These two techniques provide signing and encrypting of XML data using cryptographic functionalities and results are also represented in XML format. These two techniques are con- sidered as standard worldwide which is released by W3C. In this thesis we are focusing on XML Encryption. In this study, W3C standards are used to encrypt sensitive XML data. JavaScript has been used to implement encryption of XML data and "Node.js" as software platform for providing the environment for encrypting. In this study, time elapsed is also measured in case of encryption and decryption. We have used AES and Triple DES algorithm for encryption of XML data. For encryption of symmetric key, RSA is used. Library used is "xml-encryption" for encryption and decryption. Time analysis for encryption and decryption are also shown by graph

XML Integrated Environment for Service-Oriented Data Management

The proliferation of XML as a family of related standards including a markup language (XML), formatting semantics (XSL style sheets), a linking syntax (XLINK), and appropriate data schema standards have emerged as a de facto standard for encoding and sharing data between various applications. XML is designed to be simple, easily parsed and self-describing. XML is based on and support the idea of separation of concerns: information content is separated from information rendering, and relationships between data elements are provided via simple nesting and references. As the XML content grows, the ability to handle schemaless XML documents becomes more critical as most XML documents do not have schema or Document Type Definitions (DTDs). In addition, XML content and XML tools are often required to be combined in effective ways for better performance and higher flexibility. In this research, we proposed XML Integrated Environment (XIE) which is a general-purpose service-oriented architecture for processing XML documents in a scalable and efficient fashion. The XIE supports a new software service model that provides a proper abstraction to describe a service and divide it into four components: structure, connection, interface and logic. We also proposed and implemented XIE Service Language (XIESL) that can capture the creation and maintenance of the XML processes and the data flow specified by the user and then orchestrates the interactions between different XIE services. Moreover, XIESL manages the complexity of XML processing by implementing an XML processing pipeline that enables better management, control, interpretation and presentation of the XML data even for non-professional users. The XML Integrated Environment is envisioned to revolutionize the way non-professional programmers see, work and manage their XML assets. It offers them powerful tools and constructs to fully utilize the XML processing power embedded in its unified framework and service-oriented architecture