
REVIEW: "Secure XML", Donald E. Eastlake/Kitty Niles

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Oct 22 8:15 AM
      BKSECXML.RVW 20020831

      "Secure XML", Donald E. Eastlake/Kitty Niles, 2003, 0-201-75605-6,
      %A Donald E. Eastlake III
      %A Kitty Niles
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2003
      %G 0-201-75605-6
      %I Addison-Wesley Publishing Co.
      %O U$44.99/C$69.99 416-447-5101 fax: 416-443-0948
      %P 532 p.
      %T "Secure XML: The New Syntax for Signatures and Encryption"

      Part one is introductory material. Chapter one is about XML
      (eXtensible Markup Language), but is not very clear, especially in
      regard to the relationship between XML, SGML (Standard Generalized
      Markup Language), and HTML (HyperText Markup Language). Security
      concepts do not play a big part. The tutorial on cryptography, in
      chapter two, is very simplistic, uses obtuse language, and is much
      harder on the reader than is really necessary.

      Part two deals with the basics of XML. Chapters three through eight
      present some of the syntax and structure of XML documents, DTDs
      (Document Type Definitions), Schemas (particularly unclear), XPath,
      XPointer, and SOAP. That is about all they provide: the material is
      not helpful in explaining uses, or how the parts fit into a framework
      or package.

      Part three covers canonicalization and authentication.
      Canonicalization is important to authentication, as chapter nine
      points out, because it allows us to eliminate meaningless differences
      between essentially the same file, as when different file systems use
      varying newline characters or sequences. Ordinarily, such differences
      would result in differences in hash code results, and therefore a
      false failure of authentication. Chapter ten outlines signature
      syntax, while eleven talks very briefly about the XMLDSIG standard for
      digital signatures, and twelve reviews the European Telecommunications
      Standards Institute's (ETSI) somewhat more advanced signatures.

      Part four looks at keying, with the KeyInfo element in chapter
      thirteen, and XKMS key management in fourteen. Chapter fifteen, on
      the proposed XMLENC standard, and sixteen, containing some discussion
      of combinations of encryption and signatures, make up part five. Part
      six, entitled "Algorithms," reviews algorithm specification, in
      chapter seventeen; available algorithms, in eighteen; and related non-
      cryptographic algorithms, in nineteen.

      The writing is turgid, almost deliberately dense, and fails to provide
      necessary tutorial details. Those who are well familiar with XML will
      find some particulars regarding the specific encryption documents, but
      few others will find the work useful.

      copyright Robert M. Slade, 2002 BKSECXML.RVW 20020831

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Education is the best defense against the media.
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
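
The review's point about canonicalization and hash results, as an added example that is not part of the review or the book: two constructed serializations of the same document differ in newlines, attribute order, quoting and empty-element form, so their raw digests differ, while their canonical digests match. It uses Python's standard-library `xml.etree.ElementTree.canonicalize` (Canonical XML 2.0) and compares plain SHA-256 digests; it is not a full XMLDSIG signature, and the document contents and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

# Constructed sample documents: same logical content, different serialization.
DOC_UNIX = '<order id="42" currency="USD">\n  <item sku="A1"/>\n</order>'
DOC_WINDOWS = (
    "<order currency='USD' id='42'>\r\n"   # CRLF newlines, attributes reordered,
    "  <item sku='A1'></item>\r\n"         # single quotes, explicit end tag
    "</order>"
)
# Constructed sample with a real content change (id 42 -> 43).
DOC_TAMPERED = DOC_UNIX.replace("42", "43")


def raw_digest(xml_text: str) -> str:
    """SHA-256 over the bytes exactly as serialized."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_digest(xml_text: str) -> str:
    """SHA-256 over the canonical form: newlines normalized by the parser,
    attributes sorted, double-quoted values, explicit start/end tags."""
    canonical = canonicalize(xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verify(xml_text: str, expected_digest: str) -> bool:
    """Compare the canonical digest against a reference in constant time."""
    return hmac.compare_digest(canonical_digest(xml_text), expected_digest)


if __name__ == "__main__":
    reference = canonical_digest(DOC_UNIX)
    print("raw digests equal:      ", raw_digest(DOC_UNIX) == raw_digest(DOC_WINDOWS))
    print("canonical digests equal:", verify(DOC_WINDOWS, reference))
    print("tampered doc verifies:  ", verify(DOC_TAMPERED, reference))
```

Canonicalization removes only serialization differences; the changed `id` value still produces a different digest, so a genuine modification is still detected.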