[XML Security Suite]

XML Security Suite

Welcome to XML Security Suite!

XML is expected to facilitate Internet B2B messaging because of its simplicity and flexibility. One big concern that customer may have in doing Internet B2B messaging is security. Internet is a public network, and there has been no protection against attacks such as eavesdropping and forgery. If messages are stolen or modified during transmission, B2B messaging will be almost useless. Fortunately, the recent advancement of public-key cryptography has remedied most of the security problems in communication. Using modern cryptographic protocols such as SSL, the Internet became as secure as any other networks, including VANs and intranets.

Our XML Security Suite will push the security further by introducing new security features such as digital signature, element-wise encryption, and access control that are beyond the capability of the transport-level security protocol such as SSL. Our goal is to contribute to the discussions of standard bodies by providing sample implementations, as well as to supply our advanced technologies to our partners and to hear what they think.

What's in This Release?

XML Encryption Implementation

This is an experimental reference implementation of XML Encryption Syntax and Processing, which specifies a process for encrypting data and representing the result in XML.

(Requires Java2 1.3, JCE 1.2.1, Xerces2 2.0, Xalan 2.3, ICU4J 2.1)

XML Access Control

XML Access Control aims at providing XML documents with a sophisticated access control model and access control specification language. With this access control technology, the access control policies control how an XML document appears. The policies also insure the document is securely updated as specified by the security programmer. The next release (not this one) will support XACML standard-based implementation.

(Requires Java2, Xerces 2.0.1, and Xalan 2.3.0)

ASN.1/XML Translator

This library enables to translate ASN.1 data, such as an X.509 certificate and LDAP message, into an XML document and vice versa. It contains the executable code of Java ASN.1 library developed by IBM Zurich Research Lab. and also contains the XSL stylesheet and sample program developed by Mine Sakurai of NEC Networks Development Lab.

(Requires JDK 1.1, Xerces 1.1)

XML-Signature Implementation

This implementation of XML-Signature is based on W3C&IETF's working draft. Your application can sign and verify signatures easily. You need Java2 SDK 1.2 and Xerces Java v1.4 (or Xerces Java v2) and Xalan Java v2.3.

(Requires Java2, Xerces 1.4, Xalan 2.3)

DOMHASH Calculation Library

This is a DOMHASH reference implementation library. This library contains both SAX and DOM implementation. The definition of DOMHASH is available on IETF site as RFC 2803, and we also provide an HTML version in this package. You need to have compliant SAX or DOM parser to run this library (you do not need IBM's XML Parser for Java).

(Requires JDK 1.1, DOM or SAX)

XML Canonicalizer

These are classes implementing Canonical XML , and sample programs.

(Requires JDK 1.1, DOM/SAX implementation, Xalan 2.3)


Also there is an excellent sample of DOMHASH, XMLTreeDiff, as a separate technology available from alphaWorks. Do not forget to check it out!


Add xss4j.jar to CLASSPATH environment varible.

Windows 95/98:
set CLASSPATH=E:\xss4j\xss4j.jar;....
UNIX (csh/tcsh):
setenv CLASSPATH /usr/local/xss4j/xss4j.jar:....
UNIX (sh/ksh/bash/zsh):
CLASSPATH=/usr/local/xss4j/xss4j.jar:....; export CLASSPATH

If you use JDK 1.2, you may copy xss4j.jar to JRE's extension directory, jre/lib/ext/. If you installed JDK 1.2 to E:\jdk1.2, the extension directory is E:\jdk1.2\jre\lib\ext\. In this case, you need not set CLASSPATH.

Applications in this package require an XML parser such as Apache Xerces-J. You have to add .jar files of the XML parser to CLASSPATH or JRE's extension directory.

Note: Take care that old DOM classes are NOT in your CLASSPATH or jre\lib\ext\ directory.


Technical questions and comments to Discussion for XML Security Suite. Non-technical questions to Hiroshi MARUYAMA.

$Id: index.html,v 1.10 2002/04/22 06:22:25 imamu Exp $