3. Basic Concepts XML Digital Signature: Use and ... - Google Sites

SENIOR PROJECT 2007-2008 (Basic concepts of the ekoSign project)

3. Basic Concepts XML Digital Signature: Use and Adaptation to Achieve Success in E-business Processes

Project team members

Hüseyin Çakır, Mehmet Mesut Özışık, Yılmaz Kaya

Abstract:This paper presents basic concepts that are needed during project implementation. At first part of the document the description of supply chain and it's elements are explained with motivation to the business challenges, company policies in an organization and some terminologies about XML Signature including digital signatures. Keywords:Digital signature, e-business, supply chain, XML signature.

http://groups.google.com/group/digitalsignature [email protected] PRINT DATE: 05/06/08

1

3.1 Introduction This documentation related with the inception phase of the project. The goals of this phase is to establish a business case for the project and outline key requirements that will drive the design trade offs . Figure 3.1 shows the steps of the unified process and which step the project plan paper belongs to. Inception

Elaboration

Construction

Transition

1.Introduction 2.Project Plan 3.Basic Concepts Figure 3.1 Steps of Unified Process.

During 80s business start to be conducted over internet especially after emergence of high speed communication networks as a result of this a lot of companies try to carry their internal and external operations using digital rather than traditional manual documentation. Constructing new procedures in type="SignatureType"/> Figure 3.7 Sample Signature Element.

7

There are eight main concepts that is used in the XML layout : • • • • • • •

Id Attribute SignatureValue Element SignedInfo Element KeyInfo Element Reference Element Transforms Element Manifest Element

Id The global Id attribute allows a document to contain multiple signatures, and provides a way to identify particular instances. Multiple signatures are common in business policies, such as when both the manager and the Travel Office must approve a trip application. SignatureValue Element This element contains the actual signature. As signatures are always binary type="SignatureValueType"/> Figure 3.8 Sample SignatureValue Element.

SignedInfo Element The content of SignedInfo can be divided into two parts, information about the SignatureValue, and information about the application content, as we can see from the following XML Schema fragment: Figure 3.9 Sample SignedInfo Element.

8

KeyInfo Element Recall that content is protected by using indirection: the SignatureValue covers the SignedInfo, which contains References that contain the digest values of the application type="KeyInfoType"/> Figure 3.12 Sample Transforms Element.

Manifest Element The Manifest element provides a list of References. The difference from the list in SignedInfo is that it is application defined which, if any, of the digests are actually checked against the objects referenced and what to do if the object is inaccessible or the digest compare fails [6]. Figure 3.7 Sample Manifest Element.

10

3.6 References [1]. A. Gupta., Y.A. Tung, J.R. Marsten, “Digital signature:use and modification to achieve success in next generational e-business processes”, Science Direct, p.571, June 2003. [Online]. Available:http://www.sciencedirect.com. [Accessed October 17, 2007]. [2].Sunil Chopra, Peter Meindil , “Chapter1, Understanding the supply chain ”, in Supply Chain Management 3rd edition, pp.3-18. [3]. “Information technology . Security techniques”, ISO/IEC, p.7, February 2005. [4].The World Wide Web Consortium, “XML Available:http://www.w3.org/Signature [Accessed October 25, 2007].

Signature”,

[Online].

[5].Microsoft Developer Network, “ Understanding XML Digital Signature”[Online]. Available:http://msdn2.microsoft. com/en-us/library/ms996502.aspx [Accessed November 2007]. [6]. The World Wide Web Consortium , “XML Signature Syntax and Processing”, [Online]. Available: http://www.w3.org/TR/xmldsig-core/#sec [Accessed December 20, 2007].

11