I have few questions regarding XML security:
1.What is the relationship between WS-security and SAML? Do you think that eventually these two standards will become one?
2.What is the relationship between XML encryption, XML signature and SAML/WS-security?
Are XML encryption and XML signature a subset of the two other?
3.Can SAML and WS-Security work together?
4.Are there any other important XML security standards out there except XML encryption, XML signature, (XKMS) XML key management specifications, WS-Security, SAML and XACL for access control?
All the questions you ask are good questions to which I (and I suggest I am not alone) do not have the answers. The whole security arena is quite fragmented and volatile at the moment. This is not helped by the fact that security on the Internet at large is an unsolved problem. XML or no XML, there is no consensus as to how to achieve non-repudiation for example - a vital component of transactional processes on the Internet.
The Halcyon days of PKI as a solution to these problems seem long gone - not necessarily for technical reasons. I suspect things will get worse before they get better in the XML security space.
Dig Deeper on Topics Archive
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.