Web security standards no easy task

Computing technology has moved in waves, starting with mainframes, moving to PCs and client/server models and then to the Web. With each of these transitions came a need to rewrite underlying security protocols so they can operate in new environments.

With Extensible Markup Language serving as the foundation for the next wave — collectively referred to as Web services — there comes the requirement to add security functions to the markup language. Because this new computing paradigm focuses on the complex interplay of hardware, software and networking, a number of standards groups are involved in the process, including the Internet Engineering Task Force (IETF), the World Wide Web Consortium (W3C) and the Organization for the Advancement of Structured Information Standards (OASIS).

These groups have devised more than a dozen security protocols that will play a role in delivering Web services. Here are brief descriptions of the specifications, the roles they will play in electronic transactions and the groups responsible for them.

From OASIS:

* Security Assertion Markup Language helps users and computers authenticate and authorize information exchanges.

* Extensible Access Control Markup Language is a specification for expressing policies for information access.

* Service Provisioning Markup Language defines how to exchange user, resource and service provisioning information.

* Web Services Security adds XML security protocols to Simple Object Access Protocol.

* Extensible Rights Markup Language manages copyrights for digital content.

* XML Common Biometric Format defines an XML version of the Common Biometric Exchange File Format.

From W3C:

* XML Digital Signature provides integrity, signature assurance and nonrepudiation of various transactions.

* XML Encryption encrypts and decrypts digital content.

* XML Key Management Specification provides a method for obtaining cryptographic keys.

From IETF:

* Transport Layer Security builds on Secure Sockets Layer to secure Internet traffic between two points.

* Simple Authentication and Security Layer adds authentication to connection-based protocols.

* Kerberos provides tickets for authenticating users.

* Blocks Extensible Exchange Protocol helps establish quality of service over the Internet.
