SENIOR PROJECT 2007-2008 (Basic concepts of the ekoSign project)

3. Basic Concepts XML Digital Signature: Use and Adaptation to Achieve Success in E-business Processes

Project team members

Hüseyin Çakır, Mehmet Mesut Özışık, Yılmaz Kaya

Abstract:This paper presents basic concepts that are needed during project implementation. At first part of the document the description of supply chain and it's elements are explained with motivation to the business challenges, company policies in an organization and some terminologies about XML Signature including digital signatures. Keywords:Digital signature, e-business, supply chain, XML signature.

http://groups.google.com/group/digitalsignature [email protected] PRINT DATE: 05/06/08

1

3.1 Introduction This documentation related with the inception phase of the project. The goals of this phase is to establish a business case for the project and outline key requirements that will drive the design trade offs . Figure 3.1 shows the steps of the unified process and which step the project plan paper belongs to. Inception

Elaboration

Construction

Transition

1.Introduction 2.Project Plan 3.Basic Concepts Figure 3.1 Steps of Unified Process.

During 80s business start to be conducted over internet especially after emergence of high speed communication networks as a result of this a lot of companies try to carry their internal and external operations using digital rather than traditional manual documentation. Constructing new procedures in data exchange become highly needed to fulfill e-commerce mechanisms. At this point XML become the most important source to be used in digital signature processes. XML Signature helps business actions to be authenticated and made accessible in business processes. There are also some shortcomings of the current XML signature procedures, first of all current technology is capable of providing signing capabilities for final document however in business logic there is a significant need to construct partial document ownership. Signature binding to the whole document is not a feasible solution in e-business, in fact participants in business need to make individual modifications on the document. According to Gupta, partial document ownership involves assigning ownership of the content to an individual when that individual changes part of a document. Clearly, partial document ownership requires that a document be recognized as a collection of objects [1]. 3.2 Business Challenge To understand business challenges, initially we had to understand supply chain concept in business. Supply chain consists of all stages involved directly or indirectly in fulfilling customer requests. As emphasis is on the customer, companies are reassessing their supply-chain processes. For companies to succeed, today's supply chains must be quick enough to respond to customer demands. In supply chain there are five main stages suppliers, manufacturers, distributors, retailers and customers. Also there are three types of flows product, information and fund. Information flow is the main issue to focus in digital signature processing. Information deeply affects every part of the supply chain. Its impact is easy to underestimate, as information affects a supply chain in many different ways. Consider the following;

2

1.Information serves as the connection between various stages of a supply chain, allowing them to coordinate and maximize total supply chain profitability. 2.Information is also crucial to the daily operations of each stage in supply chain [2]. In business, flows can be classified in two categories as internal flow and external flow. Figure 3.2 is the main motivation of our project which underlies the tree main information flow: • •

Information flows inside the company between departments which is called internal flow. Information flows coming from outside of the company which are called external flow and information flows inside the departments themselves.

Figure 3.2 Internal & External Information Flows.

Our concern is to make information flows more efficient in a business structure by using XML in work flow applications. In work flows documents are moving around a community of people who perform particular tasks in business. XML is the best source to use in these application as XML has a structure like paper documents people are already using. To analyze work flows more concretely ; we have to think more technically, in traditional way of handling of information flow, data is kept in a database and when needed ad-hoc queries are used to get them, but this approach does not support the work flow. Typically in a document-based work flow, a document goes through a number of iterations as different people add to its content so XML structure is more effective to manage data on a work flow. 3.3 Company Policy Policies are high-level documents that represent corporate philosophy of an organization. In addition to the corporate policies, an organization should also define lower level of policies for departments and individual divisions. These lower level policies should have aligned philosophies with corporate level policies. Information system management policy is also one of the lower level policies that reflect the implementation of policies and procedures developed for various information system related management activities. Information system management policies will often set the stage in terms of what tools and procedures are needed for the organization in other words they are the frameworks for defining how a particular work should be performed.

3

The project team should set a clear policy direction in line with business objectives and demonstrate support for, and commitment to, information security through the issue and maintenance of an information security policy across the organization [3]. Company policy will be constructed according to these three flows; Internal organization flows, external organization flows and flows inside company's departments. The XML documents' structure will be used to create policy levels. For instance, a company maintains it's order records in XML. Each record consist of the order name, order priority, order time and digital signature. •

• •

Nodes inside Sales Department of the company (information flow inside department) is allowed to see the entire order record, and modify order records so will have a most authorized digital signature. Internal nodes (other department e.g. Warehouse) are allowed to see the order name,order priority and order time, and only modify order time. External nodes are only allowed to see the order name, order priority and order time. Cannot modify any part of the record.

So all these nodes must have different levels of authorization according to their positions at company policy. Moreover, every nodes has different level of authorization. For instance, Sales Managers' authorization level is different than Sales Representatives'. While Sales Managers are allowed to sign documents that has high order costs Sales Representatives cannot sign these type of documents as a result of company policies defined by the organization. 3.4 Process Flow for Document Signing Figure 3.3 presents the conceptual diagram of a prototype document signing system. The system involves an integration of digital signature technology with organizational sign-on initiatives and a document management system.

Figure 3.3 The Process Flow for Document Signing.

The process flow for document signing as follows; Obtain the document: Users can download document from any file server in use. When user is checking out a document, other users can be prevented from obtaining that document with write access. However, many file servers write file information to the documents, which in turn, invalidates digital signatures. Signing the document: User can use digital signature plug-in tools that are compatible with document creation software to sign or validate signatures on document. Submit the signed document: After signing a document, users can check document back into file server, which then lets other authorized users have complete access to it.

4

Locking down the document: When all individuals of the contract process have signed in the document, the document can be locked down and moved to an access-controlled directory in the file server [1]. 3.5 Extensible Markup Language (XML) XML is a simple, very flexible text format derived from SGML (ISO 8879). Originally designed to meet the challenges of large-scale electronic publishing, XML is also playing an increasingly important role in the exchange of a wide variety of data on the Web and elsewhere. The XML standard has been developed and quickly a large number of software vendors have adopted the standard. XML will be the most common tool for all data manipulation and data transmission. The features that make XML so powerful for business transactions (e.g. , semantically rich and structured data, text-based, and Web-ready nature) provide both challenges and opportunities for the application of encryption and digital signature operations to XML-encoded data. For example, in many work flow scenarios where an XML document flows stepwise between participants, and where a digital signature implies some sort of commitment or assertion, each participant may wish to sign only that portion for which they are responsible and assume a concomitant level of liability. Older standards for digital signatures provide neither syntax for capturing this sort of highgranularity signature nor mechanisms for expressing which portion a principal wishes to sign. As XML becomes a vital component of the emerging electronic business infrastructure, we need reliable, secure XML messages to form the basis of business transactions. One key to enabling secure transactions is the concept of a digital signature, ensuring the integrity and authenticity of origin for business documents. XML Signature is an evolving standard for digital signatures that both addresses the special issues and requirements that XML presents for signing operations and uses XML syntax for capturing the result, simplifying its integration into XML applications [4]. 3.5.1 Layout of an XML Document XML divides documents into two main parts which are; • •

Plain part of document. (Users insert their messages which they need to send.) XML Signature part. (Signatures that constructs signature process according to polcies.)

A basic example to use of XML for a company can be seen below. The whole document is covered as a root element "progressReport". In the root element there are two departments "Sales Department" and "Warehouse" that are communicating with each other through the "plainPartOfDocument". Security issues can be controlled by "digitalSignature" element. Both two departments have different signatures related to their part of the document's content (Figure 3.4) .

5

Figure 3.4 General Layout of XML.

X-product stock out!, new shipment Plain part of document for needed. Sales Department at our example X6fshSf45ZS63a56ta35

Sample Digital Signature

 Distribution of X- product is waiting to be approved. Sample Digital Signature

Plain part of document for Warehouse at our example

sf789HaODh67s8h7shs7

Figure 3.5 Detailed Document Layout.

6

One of the most important benefits of XML is its extensibility. This feature can be used in our example by adding another department "management" into the "progressReport". XML is also platform-independent so that documents can be used on various systems. MESSAGE adgX8d6g686g6A6dgsKCkvm Figure 3.6 Simplified Sample XML document.

3.5.2 XML Digital Signature Concept Digital signatures are important because they provide end-to-end message integrity guarantees, and can also provide authentication information about the originator of a message. In order to be most effective, the signature must be part of the application data, so that it is generated at the time the message is created, and it can be verified at the time the message is ultimately consumed and processed. An XML signature would define a series of XML elements that could be embedded in, or otherwise affiliated with, any XML document. It would allow the receiver to verify that the message has not been modified from what the sender intended. The XML-Signature Syntax and Processing specification (abbreviated in this article as XML DSIG) was a joint effort of the W3C and the IETF. It's been an official W3C Recommendation since February 2002 [5]. A top-level of XML Signature document is fairly simple. It has information about what is being signed, the signature, the keys used to create the signature, and a place to store arbitrary information: Figure 3.7 Sample Signature Element.

7

There are eight main concepts that is used in the XML layout : • • • • • • •

Id Attribute SignatureValue Element SignedInfo Element KeyInfo Element Reference Element Transforms Element Manifest Element

Id The global Id attribute allows a document to contain multiple signatures, and provides a way to identify particular instances. Multiple signatures are common in business policies, such as when both the manager and the Travel Office must approve a trip application. SignatureValue Element This element contains the actual signature. As signatures are always binary data, XML DSIG specifies that the signature value is always a simple element with Base64-encoded content: Figure 3.8 Sample SignatureValue Element.

SignedInfo Element The content of SignedInfo can be divided into two parts, information about the SignatureValue, and information about the application content, as we can see from the following XML Schema fragment: Figure 3.9 Sample SignedInfo Element.

8

KeyInfo Element Recall that content is protected by using indirection: the SignatureValue covers the SignedInfo, which contains References that contain the digest values of the application data. Change any of those things, and the chain of math computations is broken, and the signature won't verify. The only thing left to do is to identify the signer, or at least the key that generated the signature (or, more cryptographically, the key that protects the digest from being modified). This is the job of the KeyInfo element: Figure 3.10 Sample KeyInfo Element.

Reference Element Reference is an element that may occur one or more times. It specifies a digest algorithm and digest value, and optionally an identifier of the object being signed, the type of the object, and/or a list of transforms to be applied prior to digesting. The identification (URI) and transforms describe how the digested content (i.e., the input to the digest method) was created. The Type attribute facilitates the processing of referenced data. For example, while this specification makes no requirements over external data, an application may wish to signal that the referent is a Manifest. An optional ID attribute permits a Reference to be referenced from elsewhere [6]. Figure 3.11 Sample Reference Element.

9

Transforms Element The optional Transforms element contains an ordered list of Transform elements; these describe how the signer obtained the data object that was digested. The output of each Transform serves as input to the next Transform. Examples of transforms include but are not limited to base64 decoding [MIME], canonicalization [XML-C14N], XPath filtering [XPath], and XSLT [XSLT] [6].

Figure 3.12 Sample Transforms Element.

Manifest Element The Manifest element provides a list of References. The difference from the list in SignedInfo is that it is application defined which, if any, of the digests are actually checked against the objects referenced and what to do if the object is inaccessible or the digest compare fails [6]. Figure 3.7 Sample Manifest Element.

10

3.6 References [1]. A. Gupta., Y.A. Tung, J.R. Marsten, “Digital signature:use and modification to achieve success in next generational e-business processes”, Science Direct, p.571, June 2003. [Online]. Available:http://www.sciencedirect.com. [Accessed October 17, 2007]. [2].Sunil Chopra, Peter Meindil , “Chapter1, Understanding the supply chain ”, in Supply Chain Management 3rd edition, pp.3-18. [3]. “Information technology . Security techniques”, ISO/IEC, p.7, February 2005. [4].The World Wide Web Consortium, “XML Available:http://www.w3.org/Signature [Accessed October 25, 2007].

Signature”,

[Online].

[5].Microsoft Developer Network, “ Understanding XML Digital Signature”[Online]. Available:http://msdn2.microsoft. com/en-us/library/ms996502.aspx [Accessed November 2007]. [6]. The World Wide Web Consortium , “XML Signature Syntax and Processing”, [Online]. Available: http://www.w3.org/TR/xmldsig-core/#sec [Accessed December 20, 2007].

11

3. Basic Concepts XML Digital Signature: Use and ...

During 80s business start to be conducted over internet especially after ..... The World Wide Web Consortium , “XML Signature Syntax and Processing”, [Online].
Download PDF
253KB Sizes 0 Downloads 183 Views
Report

Recommend Documents

Combined Digital Signature and Digital Watermark ...
digital signature [2]. Digital watermark techniques embed an invisible signal (for example, company logo or personal symbol) into image so as to attest the owner ...
pdf digital signature
Loading… Page 1. Whoops! There was a problem loading more pages. pdf digital signature. pdf digital signature. Open. Extract. Open with. Sign In. Main menu.
Use of signature whistles during separations and ... - Springer Link
of the social system at large. Second, mother-infant pairs often travel alone, or, when separated from each other, as lone individuals. Thus it is often possible to ...
Use of signature whistles during separations and ... - Springer Link
signature whistles were found to be widespread among captive delphinids .... using a Kay Elemetrics 5500 Digital Sound Processor. We listened to (during long ...
sign pdf digital signature
Sign in. Loading… Whoops! There was a problem loading more pages. Whoops! There was a problem previewing this document. Retrying... Download. Connect ...
verify digital signature in pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. verify digital ...
pdf digital signature not working
There was a problem previewing this document. Retrying... Download. Connect more apps. ... pdf digital signature not working. pdf digital signature not working.
pdf digital signature field
There was a problem previewing this document. Retrying... Download. Connect more apps. ... pdf digital signature field. pdf digital signature field. Open. Extract.
what is digital signature pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. what is digital ...
remove digital signature pdf
Page 1 of 1. remove digital signature pdf. remove digital signature pdf. Open. Extract. Open with. Sign In. Main menu. Displaying remove digital signature pdf.
sign pdf digital signature
sign pdf digital signature. sign pdf digital signature. Open. Extract. Open with. Sign In. Main menu. Displaying sign pdf digital signature.
verisign pdf digital signature
Sign in. Loading… Whoops! There was a problem loading more pages. Retrying... Whoops! There was a problem previewing this document. Retrying.
Digital Signature Certificate Subscription Form - KeralaPWD
[PDF]Digital Signature Certificate Subscription Form - KeralaPWDhttps://sites.google.com/site/alrahiman3/empanel.pdf?attredirects=0&d=1CachedA Digital Signature Certificate (DSC) is used to authenticate and validate a process. It is an integral part
XML programming with SQL/XML and XQuery
agers fulfill vital responsibilities in complex informa- tion systems by ... other information-service systems. Permission to ...... Client, network, and server resources ...
XML programming with SQL/XML and XQuery - IEEE Xplore
XML programming model evolution. SAX (the simple API [application programming in- terface] for XML)1 was the first popular interface for. XML programming.
Basic Concepts in Economics - econstem
anything that is generally accepted as final payment for goods and services, and thus ... and sellers, the extent to which firms can control price, the nature of the ...
Basic Concepts and Taxonomy of Dependable and Secure ... - NASA
Aug 25, 2004 - common strands of dependability and security although, for reasons of space .... attributes, and threats, the most urgent goal for the future is to keep the taxonomy ..... statistics about large software projects [34], or the analysis.
Basic Concepts and Taxonomy of Dependable and Secure Computing
Aug 25, 2004 - IEEE CS and the IFIP WG 10.4 “Dependable Computing and Fault Tolerance. ... of security as an attribute and of the class of intentional malicious faults in ...... online (without interrupting service delivery) or offline. (during ser
basic digital slr
basic functions of digital slr cameras. Dslr cameras digital slr cameras b h photo. Dslr. aperture and shutter speed tutorial pdf / download your software.
XML Schema - Computer Science E-259: XML with Java
Dec 3, 2007 - ..... An all group is used to indicate that all elements should appear, in any ...
eSign – Online Digital Signature Service -
eSign – Online Digital Signature Service. Introduction. Currently personal digital signature requires person's identity verification and issuance of USB dongle.