Ask The CIO Expert: Questions & Answers

Protecting information through XML messaging and business portals

EXPERT RESPONSE FROM: Puneet Mehta

QUESTION POSED ON: 20 March 2002
We are looking to send an XML message on a B2B basis. We want the client, Mr. X, to send a request for data to Company Y, via business portal Z. Part of the XML request will contain a username and password relating to Company Y. In order for business portal Z to forward the request they will need to decrypt the request. Unfortunately this means that they will be able to view the username and password. Is there a way to protect the username/password so that the business portal Z cannot view it but Company Y can?

In your case, Client X and Company Y do not have a direct trust relationship established, but both X and Y trust Z as an independent third party to forward the data. It would be better if Portal Z could provide a digital signature to both X and Y, which allows them both to authenticate users without a formal agreement between them. This means you do not need to provide any usernames or passwords in your XML messages, as the authentication will be done using digital signatures.

Also, since you are already using XML, considering the incorporation of SAML (Security Assertion Markup Language) would help resolve most of your security issues. SAML allows companies to exchange authentication, authorization, and profile information securely regardless of platform. The idea of using SAML is to provide a common language for security between companies in B2B and B2C business transactions.

For more information on SAML, you can refer to the following links.

http://xml.coverpages.org/saml.html

http://www.netegrity.com/products/index.cfm?leveltwo=SAML

http://www.oasis-open.org/committees/security/
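
The signature-based flow suggested in the answer, sketched as an added example that is not part of the expert's response: portal Z vouches for X's public key, X signs the request instead of embedding a username and password, Z relays it, and Company Y verifies both signatures. The Ed25519 keys, the JSON credential format, the function names and the sample request are all assumptions made for illustration; the request is signed as raw bytes rather than with XML Signature canonicalization.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed key pairs: portal Z (the party both sides trust) and client X.
const portalZ = nodeCrypto.generateKeyPairSync('ed25519');
const clientX = nodeCrypto.generateKeyPairSync('ed25519');
const pem = (key) => key.export({ type: 'spki', format: 'pem' });

// Z vouches for X by signing X's name and public key (a minimal stand-in for a certificate).
function issueCredential(subject, subjectPublicKey) {
  const body = JSON.stringify({ subject, publicKey: pem(subjectPublicKey) });
  const zSignature = nodeCrypto.sign(null, Buffer.from(body), portalZ.privateKey);
  return { body, zSignature: zSignature.toString('base64') };
}

// X signs the exact request bytes; no username or password is included.
function signRequest(xml, credential, privateKey) {
  const signature = nodeCrypto.sign(null, Buffer.from(xml), privateKey).toString('base64');
  return { xml, credential, signature };
}

// Z only relays. It sees the request but learns no secret that would let it
// sign a different request as X.
function forwardViaPortal(message) {
  return JSON.parse(JSON.stringify(message));
}

// Y checks Z's signature on the credential, then X's signature on the request.
function verifyAtCompanyY(message, trustedZPublicKey) {
  const { xml, credential, signature } = message;
  const credentialOk = nodeCrypto.verify(null, Buffer.from(credential.body),
    trustedZPublicKey, Buffer.from(credential.zSignature, 'base64'));
  if (!credentialOk) return { ok: false, reason: 'credential not issued by Z' };
  const { subject, publicKey } = JSON.parse(credential.body);
  const requestOk = nodeCrypto.verify(null, Buffer.from(xml),
    nodeCrypto.createPublicKey(publicKey), Buffer.from(signature, 'base64'));
  return requestOk ? { ok: true, subject } : { ok: false, reason: 'request signature invalid' };
}

// Constructed sample request.
const requestXml = '<DataRequest><Client>Mr. X</Client><Item>report-42</Item></DataRequest>';
const credentialX = issueCredential('Mr. X', clientX.publicKey);
const relayed = forwardViaPortal(signRequest(requestXml, credentialX, clientX.privateKey));
console.log(verifyAtCompanyY(relayed, portalZ.publicKey));
// A request altered in transit no longer verifies.
const tampered = { ...relayed, xml: requestXml.replace('report-42', 'report-99') };
console.log(verifyAtCompanyY(tampered, portalZ.publicKey));
```

The sketch carries no timestamp or nonce, so a real deployment would add one to the signed bytes so that Y can reject a replayed copy of an old request.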


All Rights Reserved, Copyright 2007 - 2009, TechTarget | Read our Privacy Policy