EXTENDING XML SIGNATURE AND APPLYING IT TO WEB PAGE SIGNING

Takahito Tsukuba, Kenichiro Noguchi

Abstract

Security technologies for XML, the XML Encryption and the XML Signature developed by the World Wide Web Consortium, will play a vital role in security on the Internet. A binary X.509 certificate encoded in ASN.1 is included in the XML Signature. We propose to extend the XML Signature to fully represent X.509 certificate information in XML. We developed the specifications for extensions. We implemented a converter that transforms between the ASN.1 representation and XML representation of an X.509 certificate that was aimed to verify the validity of our proposal. World Wide Web security is an important issue on the Internet and trusted information is critical. We experimented with Web page signing, applying the extended XML Signature. We propose the scheme for signed Web pages based on the XML Signature. We conducted a test implementation of the scheme with the extended XML Signature. We verified that the proposed scheme could easily be implemented and incorporated into the current Web environment as well as the effectiveness of the extended XML Signature. The paper concludes by identifying necessary areas for future standardization.

References

  1. W3C, 2002a. XML Encryption Syntax and Processing. W3C Recommendation 10 December 2002. http://www.w3.org/TR/2002/REC-xmlenc-core20021210/
  2. W3C, 2002b. XML-Signature Syntax and Processing. W3C Recommendation 12 February 2002.
  3. http://www.w3.org/TR/2002/REC-xmldsig-core20020212/
  4. W3C, 2002c. XHTML™ 1.0 The Extensible HyperText Markup Language (Second Edition). W3C Recommendation 26 January 2000, revised 1 August 2002.
  5. http://www.w3.org/TR/2002/REC-xhtml1-20020801
  6. ITU, 2000. Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.509.
  7. ITU, 2002a. Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation. ITU-T Recommendation X.680.
  8. ITU, 2002b. Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER). ITU-T Recommendation X.690.
  9. ITU, 2003. Information technology - ASN.1 encoding rules: XML Encoding Rules (XER). ITU-T Recommendation X.693.
  10. Flanagan, D., 2000. Java Examples in a Nutshell, Second Edition. Oreilly & Associates Inc.
  11. Imamura, T. , Maruyama, H., 2000. ASN.1/XML Translator and Its Application to Certification Authorities. In SCIS2000 (Symposium on Cryptography and Information Security 2000) (in Japanese)
  12. Bell, N., 1996. PGP signed web-pages. http:// members.aol.com/EJNBell/pgp-www.html
Download


Paper Citation


in Harvard Style

Tsukuba T. and Noguchi K. (2006). EXTENDING XML SIGNATURE AND APPLYING IT TO WEB PAGE SIGNING . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 407-412. DOI: 10.5220/0002096204070412


in Bibtex Style

@conference{secrypt06,
author={Takahito Tsukuba and Kenichiro Noguchi},
title={EXTENDING XML SIGNATURE AND APPLYING IT TO WEB PAGE SIGNING},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={407-412},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002096204070412},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - EXTENDING XML SIGNATURE AND APPLYING IT TO WEB PAGE SIGNING
SN - 978-972-8865-63-4
AU - Tsukuba T.
AU - Noguchi K.
PY - 2006
SP - 407
EP - 412
DO - 10.5220/0002096204070412