XML Security Services
The fast-paced progression of Internet Technologies enables more and more people to use the Internet as information and communication platform. Simultaneously, the portion of information in need of protection exchanged over the Net increases. In doing so, the data transfered is caught in a crossfire of influences, like unauthorised gain of information, data manipulation, forgery of sender addresses, deniability of receipt/sending of messages or message content etc.). Through the development of security technologies assuring attributes like trustworthiness, integrity, authenticity and repudiation of information, the Internet increasingly penetrates public and commercial areas. The latter was proven by the increasing number of eGovernment, B2B or C2B platforms.
In this context, XML becames accepted as base technology for the exchange of structural data objects. While the usage of well-known security mechanisms (like SSL/TLS or PKCS#7/CMS) is always possible, they do not respect the structure of XML data. Therefore, The W3C consortium and the OASIS group developed several XML Security Standards and subsumed them under the term XML Security. These standards prepared the ground for the development of appropriate XML Security Services not only assuring data trustworthiness and integrity, but also for the enforcement of security policies for role based digital rights management (role based acces control and authorisation). The crucial factor of these XML Security Standards is their ability for fine granular, content related and persistent protection of structured data.
The objective of the projects GBIF-D (funded by BMBF) und SYNTHESYS (funded by the EC), taking place in cooperation with the Botanical Museum and Botanical Garden Berlin (BGBM), is to realise a world wide network of biodiversity databases founding on XML data structures (DiGIR/ABCD). Thereby, the task of the working group Networked Information Systems (NBI) concerns the development of security services providing role based access control, rights management as well as the protection of(partially) already existing XML based communication protocols.