You are here: silicon.com > Resources > White Papers > Software and Web Development > E-commerce - E-Business > Transaction Processing

Transaction Processing White Papers

Security Services Markup Language

Overview This specification defines Security Services Markup Language (S2ML), a protocol for two security services: authentication and authorization. The protocol consists of request and response pairs of XML documents for each service. This specification provides a schema that governs these XML documents, as well as bindings to several message and transport protocols with which S2ML might be used.

S2ML recognizes that there are a wide range of authentication technologies in use, such as login-password, SSL, Digital Signing, Kerberos, and Smart Cards. There are also many frameworks for authorization, including ACLs, Capabilities, and the Java Authorization Model. A major design goal for S2ML is to provide a single syntax within which a broad class of authentication and authorization techniques can be expressed, and, which can convey the results established by a wide variety of existing security mechanisms.

S2ML defines two key XML elements—Name Assertions and Entitlements—that provide a foundation for sharing security artifacts on the Internet. Traditionally, security has been viewed in the context of a transaction that is entirely contained within a single enterprise. Increasingly, transactions, whether driven by users or by document flow, may involve cooperating but distinct enterprises. Transactions may originate at a workstation, and with the help of a portal or marketplace site, pass through a series of staged interactions with other sites. For example, one site may authenticate a name-to-credential binding while another site provides additional assessment of the named user’s capabilities to perform a transaction. Authentication, authorization, and entitlement information required to complete or enable a transaction may originate from many sites and be interpreted at other sites.

Further White Paper Details
Publisher	Netegrity	File Format	PDF, requires Acrobat Rdr 5
Date Published	January 2001	Downloads	11
Format	White Papers
Topics	Transaction Processing, XML, Transaction Management, Digital Signatures, SSL - TLS

Did you find this white paper useful? 4 out of 7 users found this white paper useful

Vendors rush to back new e-transaction spec

The AuthXML spec, which links two components of Web transaction security - authentication and authorisation - is based on XML and enables users to gain access to secure areas of different web sites once they have been given authorisation from any...

Channel:
Operating Systems

Sun unveils rival to Microsoft's Passport

Microsoft also plans to use Passport as a payment system, potentially charging a commission on each transaction - which is where the real commercial value of the system kicks in. Later today Sun will announce it's own identification and...

Channel:
Security Strategy

Identity theft affecting one in four UK adults

You're never going to get anywhere with passwords - you need hardware in the loop, whether that's mobile phones or chip and PIN, and you have to move from one- to two-factor authentication. found that 33 per cent of adults don't take any...

Channel:
Security Strategy

Gmail to thwart phishing with a big red box

The idea behind DomainKeys is to thwart email spoofing or spam messages that appear to be from legitimate addresses but actually originate elsewhere. The IETF is the body that defines standard internet protocols such as TCP/IP.

Adobe-Macromedia alliance takes fight to Microsoft

Adobe, which built its name on the PDF format for printable digital documents, has long struggled to make an impact in the purely digital realm, where Macromedia has its roots. Enterprises and enterprise developers want to provide a complete set of...

Woman hit with $220k bill in file-sharing case

The group combats file sharing through a combination of tactics that include educational programmes and legal action against sites accused of encouraging file sharing. The decision is important in that it sends a message to file sharers that the...

Live Webcast: Telecoms 2.0 - Where is telecoms heading?

In this webcast, our panel of experts will review where we are with next generation telecoms in the UK, working through the concept of 'Telecoms 2.0': - Realising the potential of Next Generation Networks - why it isn't just about the technology? - What attributes should firms be looking for in their telco partner? - Is the relationship between telco provider and customer changing? - What things need to happen to make next generation services a reality? - You say you want the supplier to change. Do you want to change too? - What is Telecoms 2.0?

Publisher:
ZDNet UK

Telecom 2.0: Mind over matter

ntl:Telewest Business believes that the role of the telco is evolving. Gone are the days when it was enough to simply focus on circuits and minutes, customers now need a far higher degree of interaction and look for suppliers who will talk business solutions with them.

Publisher:
ntl:Telewest Business

IBM Information Server Change Data Capture

In today's fast-paced world, access to real-time data has never been more important. To be successful, organizations need to be able to report and analyze corporate data quickly and easily, regardless of what applications created the data, what platform they're running on, or what database they're stored in.

Publisher:
IBM

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview of server consolidation concepts and techniques and provides guidance on methodologies. It also looks at the potential cost savings associated with server consolidation and offers information on how organizations can sustain the advantage they have gained by consolidating their servers.

Publisher:
IBM

Also on silicon.com

Site Navigation:

Transaction Processing White Papers

Security Services Markup Language

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific