36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the (2003)
Big Island, Hawaii
Jan. 6, 2003 to Jan. 9, 2003
R. G. Bartlett , University of Western Sydney
M. W. Cook , University of Western Sydney
<p>The eXtensible Markup Language (XML) is regarded generally as having promise of becoming established as the general purpose framework for enabling transfer of data amongst heterogeneous environments. It is of interest therefore to analyse how suitable it may be once details of applications requirements and constraints are taken into account. One important requirement is for the security of documents in transit.</p> <p>Closely associated with XML is the eXtensible Stylesheet Language (XSL), whose document transformation component (XSLT) may well have sufficient functionality to perform all reasonable cryptographic transformations to deliver a desired level of document security. We examine this question by describing a real world XML application whose security requirements are more complex than for a simple document transfer between just two parties; proposing a document transfer architecture into which XSLT can be plugged-in; and identifying those features of XSLT which must be applied to meet the application requirements.</p> <p>We conclude that XSLT is only just adequate in the proposed scenario; and then only by making use of its "extension functions" capability.</p>
XML, XSLT, Security
M. W. Cook and R. G. Bartlett, "XML Security Using XSLT," 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the(HICSS), Big Island, Hawaii, 2003, pp. 122b.