REVIEW: "Secure XML", Donald E. Eastlake/Kitty Niles
- BKSECXML.RVW 20020831
"Secure XML", Donald E. Eastlake/Kitty Niles, 2003, 0-201-75605-6,
%A Donald E. Eastlake III
%A Kitty Niles
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%I Addison-Wesley Publishing Co.
%O U$44.99/C$69.99 416-447-5101 fax: 416-443-0948
%P 532 p.
%T "Secure XML: The New Syntax for Signatures and Encryption"
Part one is introductory material. Chapter one is about XML
(eXtensible Markup Language), but is not very clear, especially in
regard to the relationship between XML, SGML (Standard Generalized
Markup Language), and HTML (HyperText Markup Language). Security
concepts do not play a big part. The tutorial on cryptography, in
chapter two, is very simplistic, uses obtuse language, and is much
harder on the reader than is really necessary.
Part two deals with the basics of XML. Chapters three through eight
present some of the syntax and structure of XML documents, DTDs
(Document Type Definitions), Schemas (particularly unclear), XPath,
XPointer, and SOAP. That is about all they provide: the material is
not helpful in explaining uses, or how the parts fit into a framework.
Part three covers canonicalization and authentication.
Canonicalization is important to authentication, as chapter nine
points out, because it allows us to eliminate meaningless differences
between essentially the same file, as when different file systems use
varying newline characters or sequences. Ordinarily, such differences
would result in differences in hash code results, and therefore a
false failure of authentication. Chapter ten outlines signature
syntax, while eleven talks very briefly about the XMLDSIG standard for
digital signatures, and twelve reviews the European Telecommunications
Standards Institute's (ETSI) somewhat more advanced signatures.
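An added example, not from the book or the review, of the canonicalization point in chapter nine: two serializations of the same XML document that differ only in line endings, attribute quoting, attribute order and empty-element form hash differently as raw bytes but identically after C14N. It uses the Python standard library's C14N 2.0 implementation (Python 3.8+); the document and its values are constructed for illustration.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Two constructed serializations of the same logical document: CRLF vs LF
# line endings, single vs double attribute quotes, different attribute
# order, and an empty element written as <Note/> vs <Note></Note>.
DOC_A = (
    "<Order id=\"42\" currency='USD'>\r\n"
    "  <Amount>100.00</Amount>\r\n"
    "  <Note/>\r\n"
    "</Order>\r\n"
)
DOC_B = (
    '<Order currency="USD" id="42">\n'
    "  <Amount>100.00</Amount>\n"
    "  <Note></Note>\n"
    "</Order>\n"
)


def digest_raw(doc: str) -> str:
    """SHA-256 over the bytes as transmitted: every cosmetic difference counts."""
    return hashlib.sha256(doc.encode("utf-8")).hexdigest()


def canonical_form(doc: str) -> str:
    """C14N 2.0 serialization from the stdlib: attributes sorted, double
    quotes, no self-closing tags, line endings normalized by the parser.
    strip_text=True also discards whitespace-only indentation nodes, so
    pretty-printing does not change the result."""
    return canonicalize(xml_data=doc, strip_text=True)


def digest_canonical(doc: str) -> str:
    """The digest a signature should bind: the hash of the canonical form."""
    return hashlib.sha256(canonical_form(doc).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print("raw digests equal:      ", digest_raw(DOC_A) == digest_raw(DOC_B))
    print("canonical digests equal:", digest_canonical(DOC_A) == digest_canonical(DOC_B))
    print("canonical form:", canonical_form(DOC_A))
```

Signing the raw bytes would produce the false authentication failure the chapter describes; signing the canonical form does not.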
Part four looks at keying, with the KeyInfo element in chapter
thirteen, and XKMS key management in fourteen. Chapter fifteen, on
the proposed XMLENC standard, and sixteen, containing some discussion
of combinations of encryption and signatures, make up part five. Part
six, entitled "Algorithms," reviews algorithm specification, in
chapter seventeen; available algorithms, in eighteen; and related
non-cryptographic algorithms, in nineteen.
The writing is turgid, almost deliberately dense, and fails to provide
necessary tutorial details. Those who are well familiar with XML will
find some particulars regarding the specific encryption documents, but
few others will find the work useful.
copyright Robert M. Slade, 2002 BKSECXML.RVW 20020831
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade