Get a leg up on XML security development with security toolkits

Those seeking to include various aspects of XML Security infrastructure in their environments may quickly find themselves puzzled by where to go and how to gain access to such technology for runtime use. But the availability of two different developer toolkits for Java means that at least some developers can turn to one or the other (assuming their development plans permit them to use Java-based technologies, that is) for reasonably ready access to a usable set of tools for this purpose. These two toolkits are as follows:

• Entrust Authority Security Toolkit for the Java Platform
• IBM XML Security Suite

Both of these offerings promise to make developers' jobs easier when it comes to integrating XML-based security capabilities into their systems and applications.

More about Entrust Authority

The Entrust offering comes from a leading company in the information security business, which brought one of the first commercial PKI (public key infrastructure) offerings to market in 1994. Entrust Authority is in fact the product family to which the security toolkit covered here belongs. What this toolkit brings to developers is an ability to incorporate strong security features, including encryption and digital signatures into their code. Among other features and benefits, this security toolkit includes the following capabilities:

• Enables secure data transfer, exchange and storage of date with multiple PKI solutions with support for open product standard
• Enables use of cryptography and creation of self-signed certificates without requiring use of PKI
• Supports end-to-end data encryption and accountability using digital signatures, plus various non-repudiation mechanisms
• Supports creation of key pairs or creating digital signatures as specified in RFC 3039 as well as mechanisms for accessing and using keys in Microsoft CAPI stores
• Supports secure file transfer and messaging using XML digital signatures, XML encryption, S/MIME v2 and v3, optional authentication and other mechanisms as appropriate
• Supports broad range of algorithms, including RSA, DSA, ECDSA and AES

This environment works with JDK 1.3.1 or later, J2DSK 1.3 or later, or with Javasoft's Java Plugin 1.3 or later to provide support for older IE or Netscape versions (otherwise, Netscape 6.2 or IE 5.5 or newer versions are required). Works with all platforms for which Sun Java Development kits are available, as well as for numerous IBM and HP-UX Java Development kits (see specifications for details). The Entrust Authority Security Manager software (release 6.x or 7.x) is also required to support this developer toolkit, however.

More About IBM's XML Security Suite

The IBM XML Security provides support for security features that include digital signature, encryption and access control within XML documents, above and beyond what transport-level security protocols such as SSL (Secure Sockets Layer) can deliver. To that end, the suite supports three technologies:

• Digital signatures as specified in the "XML-Signature Syntax and Processing"recommendation (also the subject of IETF documents)
• XML encryption as specified in the "XML Encryption Syntax and Processing" recommendation
• XML Access Control Language (XACL) and implementation

Requirements are basic and straight forward. The code works for clients running Windows 95, 98, NT, 2003, XP or Linux. Developers need to work with JDK 1.1 or 1.2 and the Apache Xerces-J environments (further download and installation instructions are readily available). No other supporting software is needed or required, so this implementation may be more attractive to developers who might not otherwise need to license Entrust Authority offerings.

Either of these toolkits makes it easier for developers to draw on standard XML security services and capabilities, and promises to up the security ante considerably in documents or applications that use them. Thus, both are worth looking into.

--------------------------
About the author: Ed Tittel is a fulltime writer and trainer whose interests include XML and development topics, along with IT Certification and information security topics. E-mail Ed with comments, questions, or suggested topics or tools for review.

This article originally appeared on SearchWebServices.com.

Rate this Tip To rate tips, you must be a member of SearchSoftwareQuality.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Software testing tools and frameworks Performance testing tools - Commercial, less expensive and free Software Testing Ezines New IBM Rational, Tivoli integrated tools pair development with IT STPCon: Do reality checks on performance test products, panelists advise Demo: Using WebGoat, a free software testing tool Getting answers about OpenSTA script problems Defining core software regression tests Selecting the best tool for stress and load testing Required prerequisites for performance testing Surgient 7's self-provisioning promises software testers quick IT resource access RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary JUnit  (SearchSoftwareQuality.com) NUnit  (SearchSoftwareQuality.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.