Web security standards no easy task

Computing technology has moved in waves, starting with mainframes, moving to PCs and client/server models and then to the Web. With each of these transitions came a need to rewrite underlying security protocols so they can operate in new


With Extensible Markup Language serving as the foundation for the next wave — collectively referred to as Web services — there comes the requirement to add security functions to the markup language. Because this new computing paradigm focuses on the complex interplay of hardware, software and networking, a number of standards groups are involved in the process, including the Internet Engineering Task Force (IETF), the World Wide Web Consortium (W3C) and the Organization for the Advancement of Structured Information Standards (OASIS).

These groups have devised more than a dozen security protocols that will play a role in delivering Web services. Here are brief descriptions of the specifications, the roles they will play in electronic transactions and the groups responsible for them.


* Security Assertion Markup Language helps users and computers authenticate and authorize information exchanges.

* Extensible Access Control Markup Language is a specification for expressing policies for information access.

* Service Provisioning Markup Language defines how to exchange user, resource and service provisioning information.

* Web Services Security adds XML security protocols to Simple Object Access Protocol.

* Extensible Rights Markup Language manages copyrights for digital content.

* XML Common Biometric Format defines an XML version of the Common Biometric Exchange File Format.

From W3C:

* XML Digital Signature provides integrity, signature assurance and nonrepudiation of various transactions.

* XML Encryption encrypts and decrypts digital content.

* XML Key Management Specification provides a method for obtaining cryptographic keys.

From IETF:

* Transport Layer Security builds on Secure Sockets Layer to secure Internet traffic between two points.

* Simple Authentication and Security Layer adds authentication to connection-based protocols.

* Kerberos provides tickets for authenticating users.

* Blocks Extensible Exchange Protocol helps establish quality of service over the Internet.

