XML Signature
== Issues ==
There are criticisms directed at the architecture of XML security in general,<ref>{{Cite web|url=https://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt|title=Why XML Security is Broken}}</ref> and at the suitability of XML canonicalization in particular as a front end to signing and encrypting XML data due to its complexity, inherent processing requirement, and poor performance characteristics.<ref>[http://grids.ucs.indiana.edu/ptliupages/publications/WSSPerf.pdf Performance of Web Services Security]</ref><ref>[http://www.extreme.indiana.edu/xgws/papers/sec-perf.pdf Performance Comparison of Security Mechanisms for Grid Services]</ref><ref>{{cite web |last1=Zhang |first1=Jimmy |date=2007-01-09 |df=mdy |url=https://www.infoworld.com/article/2077668/accelerate-wss-applications-with-vtd-xml.html |title=Accelerate WSS applications with VTD-XML |work=[[JavaWorld]] |access-date=2020-07-24}}</ref> The argument is that performing XML canonicalization causes excessive latency that is simply too much to overcome for transactional, performance-sensitive [[Service-oriented architecture|SOA]] applications.
These issues are being addressed in the [http://www.w3.org/2008/xmlsec/ XML Security Working Group].<ref>[http://www.w3.org/2007/xmlsec/ws/report.html W3C Workshop on Next Steps for XML Signature and XML Encryption], 2007</ref><ref>{{Cite web|url=http://www.w3.org/TR/xmlsec-reqs2/|title=XML Security 2.0 Requirements and Design Considerations}}</ref>

Without proper policy and implementation,<ref name="pk">{{cite web |author=Pawel Krawczyk |year=2013 |url=https://web.archive.org/web/20131214072339/https://ipsec.pl/node/1119 |title=Secure SAML validation to prevent XML signature wrapping attacks}}</ref> the use of XML Dsig in SOAP and WS-Security can lead to vulnerabilities,<ref>{{cite web |url=http://domino.research.ibm.com/library/cyberdig.nsf/papers/73053F26BFE5D1D385257067004CFD80/$File/rc23691.pdf|title=XML Signature Element Wrapping Attacks and Countermeasures|access-date=2023-09-07|publisher=IBM Research Division}}</ref> such as XML signature wrapping.<ref>{{cite web |author1=Juraj Somorovsky |author2=Andreas Mayer |author3=Jorg Schwenk |author4=Marco Kampmann |author5=Meiko Jensen |year=2012 |url=https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91-8-23-12.pdf |title=On Breaking SAML: Be Whoever You Want to Be}}</ref>
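
One receiver-side policy of the kind the last sentence calls for, as an added example (not taken from the cited sources or from any XML-DSig library): the SOAP Body is handed to the application only if it is the very element the <code>ds:Reference</code> resolves to. The function names, the sample envelopes and the <code>wsu:Id</code> values are constructed for illustration, and the example assumes the signature value and digests have already been verified by an XML-DSig library.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
WSU = ("{http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd}")

def signed_body(envelope_xml):
    """Return the SOAP Body only if it is the element the signature covers.

    Assumption: cryptographic verification has already succeeded elsewhere.
    """
    # Stdlib parser keeps the example self-contained; untrusted input
    # calls for a hardened parser configuration.
    root = ET.fromstring(envelope_xml)
    refs = root.findall(f".//{DS}SignedInfo/{DS}Reference")
    if len(refs) != 1:
        raise ValueError("expected exactly one ds:Reference")
    uri = refs[0].get("URI", "")
    if len(uri) < 2 or not uri.startswith("#"):
        raise ValueError("only same-document ID references are accepted")
    hits = [el for el in root.iter() if el.get(f"{WSU}Id") == uri[1:]]
    if len(hits) != 1:
        raise ValueError("signed ID is missing or not unique")
    body = root.find(f"{SOAP}Body")  # the Body the application would process
    if body is None or hits[0] is not body:
        raise ValueError("signed element is not the Body that is processed")
    return body

def accepts(envelope_xml):
    try:
        signed_body(envelope_xml)
        return True
    except ValueError:
        return False

# Constructed sample envelopes (no real signature values).
NS = ('xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
      'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
      'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/'
      'oasis-200401-wss-wssecurity-utility-1.0.xsd"')
SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#b1"/>'
       '</ds:SignedInfo></ds:Signature>')
SIGNED = '<s:Body wsu:Id="b1"><op>read</op></s:Body>'
GOOD = f'<s:Envelope {NS}><s:Header>{SIG}</s:Header>{SIGNED}</s:Envelope>'
# Signed element sits elsewhere; an unsigned Body is in the processed position.
MOVED = (f'<s:Envelope {NS}><s:Header>{SIG}<w>{SIGNED}</w></s:Header>'
         '<s:Body wsu:Id="b2"><op>other</op></s:Body></s:Envelope>')
# Two elements carry the signed ID, so the reference is ambiguous.
DUPLICATE = f'<s:Envelope {NS}><s:Header>{SIG}<w>{SIGNED}</w></s:Header>{SIGNED}</s:Envelope>'
```

The check rejects both the relocated and the duplicate-ID envelope even though the signature over the referenced element would still verify in each.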