An information security perspective on XML web services.


Academic year: 2021


An Information Security Perspective On XML Web Services

By Jacqueline Chetty

Short dissertation submitted in partial fulfillment of the requirements for the degree of MAGISTER PHILOSOPHIAE in the subject INFORMATION TECHNOLOGY in the FACULTY OF NATURAL SCIENCE at RAND AFRIKAANS UNIVERSITY

STUDY LEADER: PROF SH VON SOLMS

OCTOBER 2004

Acknowledgements

I would like to thank my husband, Paven, for always encouraging me throughout my dissertation. To my son, Jarryd, thank you for being so patient and understanding with me. Thank you, Prof. von Solms, for all the hard work and input you have given me as my study leader. Your patience and explanations have helped me grow through my dissertation. You have allowed me the space to find my own answers to the problems faced with this dissertation.

TITLE: Information Security In Extensible Markup Language (XML) and XML Web services
AUTHOR: Jacqueline Chetty
PROMOTOR: Prof. SH von Solms
DEGREE: M Phil (IT)
DEPARTMENT: Computer Science
LANGUAGE: English

Summary

The Internet has come a long way from its humble beginnings of being used as a simple way of transporting data within the US army and other academic organizations. With the exploding growth of the Internet and the World Wide Web (WWW), more and more people and companies are not only providing services via the WWW but are also conducting business transactions. In today’s Web-based environment, where individuals and organizations are conducting business online, it is imperative that the technologies being utilized are secure in every way. It is important that any individual or organization that wants to protect their data in one form or another adhere to the five (5) basic security services. These security services are Identification and Authentication, Authorization, Confidentiality, Integrity and Non-repudiation.

This study looks at two Web-based technologies, namely XML and XML Web services, and provides an evaluation of whether or not the 5 security services form part of the security surrounding these Web-based technologies.

Part 1 is divided into three chapters. Chapter 1 is an Introduction and roadmap to the dissertation. Chapter 2 provides an Overview of XML. The reader must not view this chapter as a technical chapter. It simply provides the reader with an understanding of XML so that the reader is able to understand the chapter surrounding XML security. Chapter 3 provides an Overview of Web services. Again, the reader must not view this chapter as a technical chapter; as in chapter 2, it must be seen as an overview providing the reader with a broad picture of what Web services are. A lot of technical background and know-how has not been included in these two chapters.

Part 2 is divided into a further three chapters. Chapter 4 is titled Computer Security and provides the reader with a basic understanding of security in general. The 5 security services are introduced in more detail and the important mechanisms and aspects surrounding security are explained. Chapter 5 looks at how XML and Web services are integrated. This is a short chapter with diagrams that illustrate how closely XML and Web services are interwoven. Chapter 6 is the most important chapter of the dissertation. This chapter is titled XML and Web services security. It provides the reader with an understanding of the various XML mechanisms that form part of the Web services environment, thus providing security in the form of the 5 security services. Each XML mechanism is discussed and each security service is discussed in relation to these various mechanisms. This is all within the context of the Web services environment. The chapter concludes with a table that summarizes each security service along with its corresponding XML mechanism.

Part 3 includes one chapter. Chapter 7 is titled Mapping XML and Web services against the 5 security services. This chapter makes use of the information from the previous chapter and provides a summary in the form of a table. This table identifies each security service and looks at the mechanisms that provide that service within a Web services environment.

Part 4 provides a conclusion to the dissertation. Chapter 8 is titled Conclusion and provides a summary of each preceding chapter. This chapter also provides a conclusion and answers the question of whether or not the 5 information security services are integrated into XML and Web services.

Opsomming (Summary, translated from Afrikaans)

Since the Internet's humble beginnings as a medium for transporting data within the US military and other academic organizations, much water, in the form of progress, has flowed to the sea. With the explosive growth of the Internet and the World Wide Web (WWW), more and more people and businesses use the WWW both to deliver services and to carry out business transactions. In today's Web-based environment, where business is conducted online by individuals and organizations, the security of the various technologies is of cardinal importance. It is essential that the individual or organization, for the sake of data protection, obey the five basic security services or principles, namely Identification and Authentication, Authorization, Confidentiality, Integrity and Non-repudiation.

This study looks at two Web-based technologies, namely XML and XML Web services, and evaluates whether these Web-based technologies do include the five security services as security measures.

Part 1 is subdivided into three chapters. The first chapter, named "Introduction and roadmap", is an introduction to the dissertation. Chapter 2, "Overview of XML", merely provides an overview and should not be evaluated as a technical explanation. It aims to give the reader background information about XML in order to be able to understand the chapter on XML security. The third chapter, "Overview of Web services", is an overview of services on the Web and must again be regarded as a mere explanation of the services rather than as a technical chapter.

Part 2 is subdivided into a further three chapters. Chapter 4, "Computer Security", gives the reader a general overview of security. The five security services, as well as the essential security mechanisms and aspects of security, are discussed in finer detail. Chapter 5 is a short chapter with diagrammatic representations that examines how XML and Web services are integrated. The sixth chapter, "XML and Web services security", can be regarded as the core chapter. Here the reader can develop insight into the various XML mechanisms within the Web services environment that provide security in the form of the five security services. Within the context of the Web services environment, each XML mechanism, as well as the relationship of each individual security service to each of the mechanisms, is discussed. In conclusion, each security service, together with its corresponding XML mechanism, is set out in a summarizing table.

Part 3 consists of only one chapter, titled "Mapping XML and Web services against the 5 security services". In this chapter, information from previous chapters is used to present a summary in table form. This table identifies each security service and looks at the mechanisms that provide such a service within a Web services environment.

Part 4 is a conclusion to the dissertation. Chapter 8 is titled "Conclusion" and briefly summarizes each of the previous chapters. This chapter also attempts to answer the question of whether or not the five information security services are indeed integrated into XML and Web services.

Table Of Contents

PART 1: INTRODUCTION TO XML AND WEB SERVICES

CHAPTER 1 - INTRODUCTION AND ROADMAP
1.1. CHAPTER OUTLINE
1.2. INTRODUCTION
1.3. PROBLEM STATEMENT
1.4. OBJECTIVES FOR THE DISSERTATION
1.5. THE APPROACH TO BE USED
1.6. OVERVIEW OF EACH CHAPTER
1.6.1. CHAPTER 2: Overview Of XML
1.6.2. CHAPTER 3: Overview Of XML Web Services
1.6.3. CHAPTER 4: Computer Security
1.6.4. CHAPTER 5: XML And Web Services Integrated
1.6.5. CHAPTER 6: XML And Web Services Security
1.6.6. CHAPTER 7 – Mapping XML And XML Web Services Against The 5 Security Services
1.6.7. CHAPTER 8: Conclusion
1.7. CHAPTER SUMMARY
1.8. LOOKING AHEAD

CHAPTER 2 - OVERVIEW OF EXTENSIBLE MARKUP LANGUAGE (XML)
2.1. CHAPTER OUTLINE
2.2. INTRODUCTION
2.3. XML DEFINED
2.3.1. XML Applications
2.3.2. The Evolution Of XML
2.3.3. Web Based Markup Languages
2.3.4. XML As A Markup Language
2.3.5. XML As A Metalanguage
2.3.6. Why is XML Such An Important Development?
2.3.7. A Practical Example
2.3.8. XML Weaknesses
2.4. XML COMPONENTS
2.4.1. Document Type Definitions (DTD)
2.4.2. Schemas
2.4.2.1. Advantages of Schemas
2.4.2.2. What Are Name Conflicts?
2.4.2.3. Solving Name Conflicts Using A Prefix
2.4.2.4. Using Namespaces
2.4.2.4.1. The Namespace Attribute (xmlns)
2.4.2.4.2. Uniform Resource Identifiers
2.4.2.4.3. Default Namespaces
2.4.2.5. A Complete Example
2.4.2.6. Summary
2.5. TRANSFORMING XML DOCUMENTS
2.5.1. Why Is Transformation Necessary?
2.5.2. The Transformation Process
2.6. OTHER XML LANGUAGES
2.2.4.1. Vector Markup Language (VML) (2)
2.2.4.2. Synchronized Multimedia Integration Language (SMIL) (2)
2.2.4.3. Cascading Stylesheets (CSS) (2)
2.2.4.4. MathML (2)
2.2.5. XML In Today’s IT Environment
2.3. SUMMARY
2.4. LOOKING AHEAD

CHAPTER 3 - OVERVIEW OF XML WEB SERVICES
3.1. CHAPTER OUTLINE
3.2. INTRODUCTION TO THE CHAPTER
3.2.1. Traditional HTML Requests versus Web Services Requests
3.2.1.1. Traditional HTML Approach
3.2.1.2. Alternative Web Services Approach
3.2.2. Simple Object Access Protocol (SOAP)
3.2.3. Advantages Of Web Services
3.2.4. Supporting Paradigms
3.2.5. Web Services Components
3.2.5.1. WSDL
3.2.5.2. UDDI
3.2.6. Summary
3.3. DESCRIBING WEB SERVICES
3.3.1. Web Services Description Language (WSDL)
3.3.1.1. A Practical Example
3.1.2. Summary
3.4. ACCESSING WEB SERVICES
3.5. FINDING WEB SERVICES
3.5.1. The UDDI Organization
3.5.1.1. How Does The UDDI Work?
3.5.1.2. Security And UDDI
3.5.1.3. Other UDDI Concerns
3.5.1.4. Information Categories
3.6. WEB SERVICES ARCHITECTURE
3.6.1. Security
3.6.1.1. Standard Authentication Markup Language (SAML)
3.6.2. Process Flow
3.6.3. Transaction Coordination
3.6.3.1. Business Transaction Protocol (BTP)
3.6.4. Messaging
3.6.4.1. WS-Inspection
3.6.4.2. WS-Routing
3.6.5. Summary
3.7. IMPLEMENTING WEB SERVICES
3.8. SUMMARY
3.9. LOOKING AHEAD IN CHAPTER 4

PART 2: SECURITY AND XML AND WEB SERVICES

CHAPTER 4 - COMPUTER SECURITY
4.1. CHAPTER OUTLINE
4.2. INTRODUCTION
4.3. COMPUTER SECURITY
4.4. THE FIVE SECURITY SERVICES
4.4.1. Identification And Authentication
4.4.1.1. Username And Password
4.4.1.2. Single Sign-on
4.4.1.3. Summary
4.4.2. Authorization
4.4.3. Confidentiality
4.4.3.1. Symmetric Encryption
4.4.3.2. Public Key Encryption
4.4.3.3. Symmetric Versus Public Key Encryption
4.4.4. Integrity
4.4.5. Non-Repudiation
4.5. SUMMARY
4.6. LOOKING AHEAD

CHAPTER 5 - XML AND WEB SERVICES INTEGRATED
5.1. CHAPTER OUTLINE
5.2. INTRODUCTION TO THE CHAPTER
5.3. XML AND WEB SERVICES INTEGRATED
5.4. SUMMARY
5.5. LOOKING AHEAD IN CHAPTER 6

CHAPTER 6 - XML AND WEB SERVICES SECURITY
6.1. CHAPTER OUTLINE
6.2. INTRODUCTION TO THE CHAPTER
6.3. XML AND WEB SERVICES BACKGROUND
6.4. WEB SERVICES WORKFLOW
6.5. THE IMPACT OF WEB SERVICES IN TERMS OF SECURITY
6.6. WEB SERVICES AND IDENTIFICATION / AUTHENTICATION AND AUTHORIZATION
6.6.1. Single Sign-On
6.6.2. Security Assertion Markup Language (SAML)
6.6.2.1. Assertions
6.6.2.1.1. Authentication Assertions
6.6.2.1.2. Attribute Assertions
6.6.2.1.3. Authorization Decision Assertion
6.6.2.2. SAML Interaction
6.6.3. XML Access Control Markup Language (XACML)
6.6.4. Summary
6.7. WEB SERVICES SECURITY AND CONFIDENTIALITY
6.7.1. XML Encryption
6.7.1.1. Encryption Algorithms
6.7.1.2. XML Encryption Versus Existing Technologies
6.7.2. Summary
6.8. WEB SERVICES AND INTEGRITY / NON-REPUDIATION
6.8.1. Digital Signatures
6.8.2. XML Digital Signatures
6.8.3. Summary
6.9. WEB SERVICE SECURITY ARCHITECTURE
6.9.1. A Practical Example
6.9.2. Security Model Abstractions
6.9.3. Summary
6.10. XML AND WEB SERVICES SECURITY SUMMARIZED
6.11. LOOKING AHEAD IN CHAPTER 7

PART 3: MAPPING XML AND WEB SERVICES

CHAPTER 7 - MAPPING XML AND WEB SERVICES AGAINST THE 5 SECURITY SERVICES
7.1. CHAPTER OUTLINE
7.2. INTRODUCTION TO THE CHAPTER
7.3. A MAPPING OF XML AND WEB SERVICES AGAINST THE FIVE (5) SECURITY SERVICES
7.4. SUMMARY
7.5. LOOKING AHEAD IN CHAPTER 8

PART 4: CONCLUSION

CHAPTER 8 - CONCLUSION
8.1. CHAPTER OUTLINE
8.2. INTRODUCTION TO THE CHAPTER
8.3. CHAPTER 1 – INTRODUCTION AND ROADMAP
8.4. CHAPTER 2 – OVERVIEW OF XML
8.5. CHAPTER 3 – OVERVIEW OF XML WEB SERVICES
8.6. CHAPTER 4 – COMPUTER SECURITY
8.7. CHAPTER 5 – XML AND WEB SERVICES INTEGRATED
8.8. CHAPTER 6 – XML AND WEB SERVICES SECURITY
8.9. CHAPTER 7 – MAPPING XML AND WEB SERVICES AGAINST THE FIVE (5) SECURITY SERVICES
8.10. CONCLUSION

LIST OF SOURCES

Table Of Figures

Figure 1.1 - Roadmap
Figure 2.1 – Looking Ahead In The Chapter
Figure 2.2 – An XML File
Figure 2.3 – An XML Document
Figure 2.4 – Transforming A Document Into HTML Format
Figure 2.5 – Data Type Definition
Figure 2.6 – Related XML document
Figure 2.7 – XML Document With Internal DTD
Figure 2.8 – Part Of A Schema
Figure 2.9 – A Schema Design View
Figure 2.10 – XSLT Transformation Process
Figure 3.1 – An Example Of A Web Service
Figure 3.2 – Web Services As A Bridge For Businesses
Figure 3.3 – A Typical Web Services Environment
Figure 3.4 – WSDL
Figure 3.5 – The UDDI Repository
Figure 3.6 – Using WSDL To Advertise Web Services For A Business
Figure 3.7 – A Simple Example Using SOAP To Send A Message
Figure 3.9 – A SOAP Message Path Including Intermediaries
Figure 4.1 – The Five Security Services
Figure 5.1 – XML And Web Services Integrated
Figure 5.2 – XML And Web Services Integration Expanded
Figure 6.1 – Web Services Workflow
Figure 6.2 – Single Sign-On
Figure 6.3 – Assertions, Protocol And Binding
Figure 6.4 - SAML Authentication
Figure 6.5 – SAML Architecture
Figure 6.6 – SAML Producer-Consumer Model
Figure 6.7 – OASIS XACML standard
Figure 6.8 – XML Encryption
Figure 6.9 – The XML-Encryption Cycle
Figure 6.10 – XML Digital Signature Elements
Figure 6.11 – Web Services Interaction
Figure 6.12 – Web Services Security Abstractions
Figure 7.1 – XML/Web Services Integrated

PART 1: INTRODUCTION TO XML AND WEB SERVICES

CHAPTER 1: INTRODUCTION AND ROADMAP
CHAPTER 2: OVERVIEW OF XML
CHAPTER 3: OVERVIEW OF XML WEB SERVICES

CHAPTER 1 - INTRODUCTION AND ROADMAP

1.1. CHAPTER OUTLINE

Introduction
Problem Statement
Objectives For The Dissertation
Approach To Be Used
Overview Of Each Chapter
Chapter Summary
Looking Ahead

1.2. INTRODUCTION

The research will be based on two new technologies, namely XML and XML Web services. It will illustrate whether or not these technologies adhere to and support the 5 security services, namely (1):

(a) Identification and Authentication;
(b) Authorization;
(c) Confidentiality;
(d) Integrity;
(e) Non-repudiation.

In order to draw a conclusion regarding this problem, it is important to define and provide a study of XML and XML Web services. The research will start by providing a descriptive discussion surrounding these technologies. This will form part of chapter 2 and chapter 3. This dissertation is not a technical dissertation surrounding XML and Web services. The main focus is on the security features that are incorporated into the two technologies. It is, however, necessary to provide a discussion surrounding the basic features of the two technologies. This is what chapter 2 and chapter 3 provide. Chapter 4 will be a brief overview of security in general. This will provide a better understanding of the security concepts dealt with later. Chapter 5 illustrates how XML and Web services integrate with one another.

The path that the dissertation will then follow is one of investigating the various security features surrounding both XML and XML Web services. The goal is to investigate which security features are present and which are lacking in relation to the 5 security services. This forms part of chapter 6. Chapter 7 is where the 5 security services will then be mapped to the two technologies, providing a graphical view. This will provide a clear visual picture of whether or not XML and XML Web services adhere to the security services or whether these technologies lack the much needed security mechanisms or tools. The dissertation will end with chapter 8, which will provide a conclusion for the dissertation.

1.3. PROBLEM STATEMENT

ARE THE FIVE (5) INFORMATION SECURITY SERVICES INTEGRATED INTO XML AND XML WEB SERVICES?

1.4. OBJECTIVES FOR THE DISSERTATION

To provide a comprehensive evaluation of whether or not the five (5) Information Security Services form part of the security surrounding XML and XML Web services. This evaluation will be achieved by creating a cross mapping between the security mechanisms surrounding XML and XML Web services, and the five (5) Information Security Services.

1.5. THE APPROACH TO BE USED

In order to achieve the objectives of the research, the following aspects will be discussed:

(a) Investigate XML and XML Web services;
(b) Describe what is meant by computer security and introduce the five security services;
(c) Investigate the security features relating to XML and XML Web services;
(d) Provide a graphical mapping of the 5 security services together with the corresponding mechanisms that each technology employs. The mapping will show whether or not the technologies adhere to the security services, indicating gaps or flaws in each technology, from a security viewpoint.

The approach will be based on a qualitative research of text references and diagrams in order to provide conclusions. A complete literature review will discuss the following topics:

a) XML;
b) XML Web services;
c) Computer Security;
d) Security mechanisms surrounding XML and XML Web services;
e) A table/mapping illustrating to what extent XML and XML Web Services support the 5 security services;
f) Conclusion.

Figure 1.1 illustrates the roadmap for the dissertation.

Figure 1.1 - Roadmap

Chapter 1 – Introduction And Roadmap
Chapter 2 – Overview Of XML
Chapter 3 – Overview Of XML Web Services
Chapter 4 – Computer Security
Chapter 5 – XML And Web Services Integrated
Chapter 6 – XML And Web Services Security
Chapter 7 – Mapping XML And XML Web Services Against The 5 Security Services
Chapter 8 – Conclusion

Each chapter will be briefly reviewed.

1.6. OVERVIEW OF EACH CHAPTER

1.6.1. CHAPTER 2: Overview Of XML

XML provides a portable description that describes what data means as well as the representation of that data.

This chapter discusses the concept of Extensible Markup Language (XML). XML can be defined as a simple, very flexible text format. It is a markup language like Hypertext Markup Language (HTML) and it is a meta language, implying that it is a language used to describe a markup language (23). The term “markup” is a language that is used by a programmer. XML provides a way of describing information to facilitate electronic data interchange, to produce files by Web servers and much more. A tool or utility takes the XML documents, which contain text expressed in the language, and carries out some process by converting it to another format. This chapter discusses the various components related to XML. Another topic discussed in the chapter is that of transforming XML documents into user-readable documents that are used for everyday purposes. The chapter also describes where XML is used today. Running parallel with chapter 2 is chapter 3, which focuses on describing the other technology, namely XML Web services.

1.6.2. CHAPTER 3: Overview Of XML Web Services

Web services provide a way for companies to conduct business with one another where transactions can be handled efficiently.

XML Web Services is closely related to XML in that it utilizes XML technology. This chapter will describe what XML Web Services are and how XML Web Services are revolutionizing the Information Technology industry. These services are powerful, allowing applications to communicate with each other more effectively (24). Web Services are providing application-to-application communication, enabling applications to communicate more efficiently without having to work out the underlying mechanics of the communication.

Web services provide a more efficient way of conducting business over the Internet. They provide a framework in which transactions can take place between businesses (B2B) by creating a new layer that allows B2B integration to be handled efficiently. XML is the technology on which all Web services technology is built. XML Web services and Web services are used interchangeably.

This chapter discusses an important concept that is linked to Web services, namely Web Services Description Language (WSDL). WSDL provides the mechanism through which Web services definitions are exposed to the world and to which Web services implementers need to conform when sending messages. WSDL describes the data types and structures for the Web services, explains how to map the data types and structures into the messages that are exchanged, and includes information that ties the messages to underlying implementations.

Another concept that is discussed in the chapter is Simple Object Access Protocol or SOAP. The way in which Web services communicate with one another and exchange messages is via SOAP. SOAP defines a common format for XML messages over HTTP and other forms of transportation. It is a one-way, asynchronous messaging technology that can be adapted and used in a variety of message-passing interaction styles: remote procedure call (RPC) oriented, document oriented and publish and subscribe, among others.

Now that the two technologies have been introduced, it is important to identify and describe common security terminology that will enable the reader to understand the chapter on security better.

1.6.3. CHAPTER 4: Computer Security

Computer security provides a way to secure information assets.

This chapter has been included solely for background purposes. It is a chapter that describes basic information security concepts and can also be seen as an appendix. Information security and computer security are used interchangeably. In this chapter computer security will be defined as the discipline for controlling access to information and resources. Computer security is therefore securing information assets. By ensuring that the confidentiality, integrity and availability of the assets are preserved, the information assets will therefore not be compromised. The 5 security services form the foundation of computer security. These 5 services are: Identification and Authentication; Authorization; Confidentiality; Integrity and Non-Repudiation. This chapter introduces these security services. The table below provides a brief explanation of each security service.

Table 1.1 – The Five (5) Security Services

SECURITY SERVICE: DEFINITION
• Identification and Authentication: Identifying the user (user-id) and checking that the user’s profile exists on the computer and ensuring that the authentication parameter offered is valid;
• Authorization (logical Access Control): Controlling the access rights of the user;
• Confidentiality: Protecting data and software by assuring that only authorized users may view the contents of the data or software;
• Integrity: Protecting the data by assuring that only authorized users may update or make changes to the data;
• Non-repudiation: Providing proof that the user who digitally signs a transaction can be held responsible, that the user cannot dispute the fact that they performed a transaction;

Now that the important security terminology has been introduced the next chapter will illustrate how XML and Web services integrate with each other in the Web environment.

1.6.4. CHAPTER 5: XML And Web Services Integrated

This chapter provides the reader with an understanding of how XML and Web services relate to one another. The chapter provides an explanation of why and how this chapter evolved. The chapter has a brief explanation of what XML and Web services are. The chapter provides 2 diagrams. The first one shows how Web services is built on XML technology and the other one shows the various security mechanisms that are in place in order for the Web services environment to exist and thrive.

1.6.5. CHAPTER 6: XML And Web Services Security

This is one of the most important chapters of the dissertation due to the fact that this chapter provides an answer to the problem statement. Because Web services are built on XML technology, the 5 security services encompass this. This chapter describes the security features relating to XML and Web services. Security is vital especially in the environment in which society lives today where most transactions are handled online. Technologies designed to meet security requirements have evolved but the basic requirements remain the same. The 5 security services form part of the basic requirement that remains the constant. In this chapter the core XML security features will be described in relation to the 5 security services. One of the most complex issues that companies have been confronted with on the Internet is that of security. The 5 security services form the basic requirements to the security problem on the Internet.

Now that there is an understanding of the two technologies, not only in general but in terms of their respective security mechanisms, the next chapter will focus on merging the concepts and presenting them in a graphical presentation.

1.6.6. CHAPTER 7 – Mapping XML And XML Web Services Against The 5 Security Services

In a world that is ever changing and relentlessly introducing new technology, it is important not to forget the principles behind security, constantly striving to create an environment that can become the foundation of maintaining security. This chapter will provide a mapping of the security mechanisms of XML and Web services against the 5 security services as described in chapter 6. The mapping will allow the reader to see the various security mechanisms that are in place in an XML/Web services environment.

1.6.7. CHAPTER 8: Conclusion

This chapter will summarize the research providing a conclusion to the problem statement.

1.7. CHAPTER SUMMARY

To summarize, chapter 1 has provided an introduction to the research topic. It has also briefly described XML and XML Web Services as being the 2 technologies that will be investigated. The important aspect of security was also introduced. The 5 security services form the foundation of security and these security services were briefly introduced.

1.8. LOOKING AHEAD

The next chapter will provide:
An overall understanding of what XML is;
Why XML has been developed;
XML strengths and weaknesses;
A discussion of the various components of XML;
A discussion on how XML documents are transformed into other formats;
Where it is used in today’s computing environment;

CHAPTER 2 - OVERVIEW OF EXTENSIBLE MARKUP LANGUAGE (XML)

2.1. CHAPTER OUTLINE

Introduction
XML Defined
XML Components
DTD
XML Schema
Transforming XML Documents
Other XML Languages
XML In Today’s IT Environment
Summary
Looking Ahead

2.2. INTRODUCTION

This chapter presents a summary of XML. This chapter is by no means a technical chapter. The purpose of this chapter is to introduce and familiarize the reader with the concepts associated with XML. The approach that will be used in order to create a complete discussion surrounding XML is illustrated in Figure 2.1.

Figure 2.1 – Looking Ahead In The Chapter

2.3 XML Defined
2.4 XML Components
2.4.1 Document Type Definitions (DTD)
2.4.2 XML Schemas
2.5 XML Transformations
2.6 Other XML Languages
2.7 XML in today’s IT environment

2.3. XML DEFINED

XML provides a portable description that describes what data means as well as the representation of that data (2). In other words, XML will take the data and transform it into a format that is visually pleasing to the user. It is also a meta language which means that it describes a markup language. An existing form of XML can be used to create XML documents or you can create your own version of XML.

2.3.1. XML Applications

Before describing what XML is, describing the kinds of applications that XML can be applied to will provide an idea of what XML is. These applications fall into 4 categories (22), namely:

A. Where a distributed program needs to interact with two or more sources of data, where these sources are expressed in different formats;

[Figure: a Travel Packages distributed program draws on a company (South African Airways) and a travel agent, whose systems and databases are incompatible and hold different data sets to the Travel Packages. Inserting XML between them will eliminate the problem of incompatible systems/databases.]

B. Applications that move large amounts of processing onto client computers;

[Figure: a server holds the XML version of a book and a client holds the book in HTML format, with no standard interchange language between them. Inserting XML here will eliminate the problem of incompatible interchange languages.]

C. Applications where users need to see different views/formats of the same data;

[Figure: the same XML presented as a Word document, a spreadsheet, HTML and a database, and viewed by a browser directly or indirectly.]

D. Applications where objects need to move around a network gathering information;

[Figure: a mobile agent requests X via XML. If the agent requests X, does the agent receive X?]

Now that XML has been described in terms of day-to-day usage, the next section will focus on why XML evolved and how it evolved.

2.3.2. The Evolution Of XML

The following “timeline” illustrates where XML originated from.

GML 1973 > SGML 1986 > HTML 1990 > XML 1998

Generalized Markup Language (GML) (2) was developed due to the fact that there was a need to separate formatting instructions from the contents of the document. This would allow documents to be more portable between applications. By making use of certain tags that identified different types of components in a document, the separation was made possible. GML made it possible for different applications to work together and the document became transportable. Documents could be printed in different styles.

For documents to be properly displayed in various environments, the need to develop a standard became the next focus point. By standardizing tags, each tag can communicate its specific layout in its respective environment. A standard based on GML principles evolved and Standard Generalized Markup Language (SGML) (2) was developed. SGML is however too large and cumbersome to be used for Web browser-related functions/problems. Due to this, HTML was developed.

2.3.3. Web Based Markup Languages

Hypertext Markup Language (HTML) is a derivative of SGML created specifically for the Web and it is the most frequently used markup and hypertext technology in use today. The advantages of HTML are:
HTML is platform-independent;
HTML uses predefined markup tags;
HTML is free;
HTML is widely supported and it is simple;
HTML focuses on presenting the data for users in a web-based environment;

HTML is however plagued with problems. Some of these problems include the following:
No strict syntax checking;
HTML is expressed in various ways, depending on which browser was used. The programmer needs to create duplicate HTML code for different browsers;
In addition, HTML uses a limited and restricted set of elements and attributes. This means that developers can only draw from the same limited set of elements.

In conclusion, the need for greater power and flexibility in markup languages used on the Internet led to a return to the SGML drawing board and to the development of XML. There is however an XML-related language called XHTML which is the new generation of HTML with the extensibility of XML (2).

The World Wide Web Consortium (W3C) decided to investigate and create a markup language that dealt with the many problems that were plaguing HTML. In 1998 Extensible Markup Language (XML) evolved, which is a smaller, easier version of SGML with the focus being on describing data. XML is platform-independent and focuses on the creation, management and maintenance of large volumes of information. As its name defines, XML is a computer language that fits into the category of being a markup language and a meta language. XML is two languages in one.

2.3.4. XML As A Markup Language

A markup language, in terms of XML, is used to design various ways of describing data, mostly for the use of storage, transmission or processing by some program. Markup refers to the insertion of symbols or characters to indicate how the information will appear when it is displayed (25). Markup is also related to describing a document’s logical structure. For example, have you ever taken a report that you have written and corrected it by writing notes like: ‘place this in a new paragraph’ or ‘this should be in bold and underlined’? By doing this you have unknowingly marked up your data.

The Internet comprises networks that transmit data in a wired or wireless way, through firewalls, via routers and hubs. Due to the diverse way in which this data moves through gateways, it is important that the recipient of that information is able to interpret it. Documents that use markup are text-based, allowing them to remain independent of platforms and operating systems. Markup may have been done in shorthand when reviewing a report manually, but when used in an electronic environment they are indicators called tags. By making use of tags a developer is able to describe the contents of a document as accurately as possible. The tag can then be read and processed by an XML-enabled Web browser.

A developer can create the document by making use of Notepad, a word processing application or using an integrated development environment editor (IDE), like XML Spy. Now that XML has been defined in terms of a markup language, to complete the picture XML is also a metalanguage and the following paragraph describes XML as a metalanguage.

2.3.5. XML As A Metalanguage

XML provides a function of being able to create a formal description of another language. Whereas other programming languages have a defined syntax that programmers use to create programs, XML is used to create XML-based languages that create documents for use by a developer, an organization or an industry. The developer creates a collection of components that describes the content of their document. Many types of documents can be represented in various forms, ranging from text, graphics to multimedia, e-commerce transactions and Application Program Interfaces (APIs). There is a very deliberate structure that is applied when creating an XML-based language with content. Now that XML has been defined, why is it so important?

2.3.6. Why is XML Such An Important Development?

When an industry, for example a university, creates an XML-based language with standards, it provides an effortless way for the community to share high volumes of information over the Internet and World Wide Web in an effective and fast way. Different industries are facilitating the transfer of information by creating XML-based languages that allow the entire industry to make use of it. There are hundreds of XML-based languages that have been developed. Table 2.1 below shows some examples of these XML-based languages.

Table 2.1 – XML-based Languages

ACRONYM: LANGUAGE NAME / DESCRIPTION
ETD-ML: Electronic Dissertation & Dissertation Markup Language – converts theses from, for example, Word to XML;
ITML: Information Technology Markup Language – set of specifications for protocols, message formats and best practices;
XSL: Extensible Stylesheet Language – the style standard for XML specifying the presentation and appearance of an XML document;

These are not the only reasons why XML is important in today’s Web-based environment. It is also an emerging technology which seems to play an important part in other technologies, like XML Web services, which will be explained in the next chapter. Before continuing, figure 2.2 illustrates a simple example of what an XML file looks like.

2.3.7. A Practical Example

Figure 2.2 illustrates a simple example of XML.

Figure 2.2 – An XML File

    <?xml version="1.0"?>
    <!--edited with Notepad-->
    <!--author Jacqui-->
    <message>
      <saying>
        <tomyfriend>Hello There!</tomyfriend>
      </saying>
    </message>

[Figure: the XML file can be viewed by a browser, integrated into a Word document, or integrated into a database.]

Figure 2.2 illustrates how a user can create an XML file that contains a simple message saying “Hello There!”. The message is contained in tags. There is an open tag and a closing tag for each element except when representing an empty tag. The tag called <message> has another tag within it called <saying>. The <saying> tag has another tag within it called <tomyfriend> which holds the message. Each tag has an end tag which starts with a forward slash or “/”. Although XML is a technology that has many uses, like most technologies it also has weaknesses (2).

2.3.8. XML Weaknesses

XML is growing more rapidly than browser technology, creating an environment where XML is not compatible with browsers;
Because of the complexity of the data in certain circumstances, XML might not be able to meet the needs of the application and the industry then needs to consider moving to SGML;

In spite of its weaknesses, XML is growing rapidly and is fast becoming one of the accepted and widely used technologies. So far we have defined XML, we have seen some applications where XML can be used, we have looked at where XML originated from, we have seen a practical example of what XML looks like and we have looked at the weaknesses that XML has. The next paragraph explains the various components that XML comprises.

2.4. XML COMPONENTS

XML was not designed to do anything, XML was created to structure, store and to send information.

What components are needed to provide a framework for an XML document? The W3C Recommendation states that an XML document needs to have a physical structure containing entities that are comprised of parsed or unparsed data (2). Parsed entities contain text (markup or content data). Unparsed entities are resources whose content may or may not be text and may be in another format other than XML. The W3C also states that an XML document needs to have a logical structure (2). This part of the XML document comprises elements nested within other elements. The elements have tags that group similar elements together.

The major components of an XML document are:
The prolog;
The root element and other elements;

The prolog and the root element together with the other elements form the physical structure.

(a) The Prolog

As its name suggests, the prolog is the introduction or the beginning of an event. It is the first major logical component within an XML document. The prolog provides information or comments which include the XML version and the person who created the XML document, to name a few. The prolog needs to be placed in front of the root.

(b) Root elements and other elements

These are the building blocks of an XML document. They consist of structure, properties and functions. The root element together with the other elements create the logical structure. Figure 2.3 below illustrates a simple example of an XML document.

Figure 2.3 – An XML Document

    1  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    2  <?xml-stylesheet type="text/css" href="contacts.css"?>
    3  <!-- edited with Notepad by 200008666 -->
    4  <contacts>
    5    <sales>
    6      <lastname>Smith</lastname>
    7      <firstname>Ann</firstname>
    8      <email>[email protected]</email>
    9      <phone>0114450982</phone>
    10   </sales>
    11   <custsrv>
    12     <lastname>Black</lastname>
    13     <firstname>Alex</firstname>
    14     <email>[email protected]</email>
    15     <phone>0129824596</phone>
    16   </custsrv>
    17 </contacts>

Figure 2.3 provides an overview of the various XML components and related structures that are needed to generate an HTML document. This diagram illustrates a typical XML document. Lines 1 to 3 represent the Prolog. Lines 4 to 17 represent the root element and other elements. It is very structured and allows for ease of reading. This XML document illustrates contacts that consist of salespersons and customers. This document illustrates only one salesperson and one customer.

To provide an overall picture, once the XML document has been created as seen in Figure 2.3, the next step is to create a DTD or schema. The schema consists of the rules that need to be applied to the XML document in order for it to be transformed properly and displayed in the desired format. Figure 2.4 below illustrates this process. The concepts illustrated in Figure 2.4 are discussed in more detail further on in the chapter.

1. The XML document is created.
2. The DTD or schema is created along with the XML document.
3. These two documents together form Extensible Stylesheet Language (XSL) files.
4. These XSL files are validated by the XML parser which in turn relinquishes control to the XSL parser.
5. The XSL parser generates the transformation and the result is an HTML document.

Figure 2.4 – Transforming A Document Into HTML Format

1. XML document (as far as the figure shows it):

    <?xml version="1.0" encoding="UTF-8"?>
    <!-- edited with XML Spy v4.3 (http://www.xmlspy.com) by Jacqui Chetty (Technikon Witwatersrand) -->
    <?xml-stylesheet type="text/xsl" href="D:\RAU\home\Ch05\customer.xslt"?>
    <TLSales xmlns="http://tlsales.com/namespace"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://tlsales.com/namespace D:\RAU\home\Ch05\customer.xsd">
      <Address>
        <Name>Jacqui Chetty</Name>

2. XML DTD / Schema (as far as the figure shows it):

    <xs:element name="TLSales">
      <xs:annotation>
        <xs:documentation>TLSales customer schema</xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="Address" type="AddressType"/>
          <xs:element ref="Customer" maxOccurs="unbounded"/>
        </xs:sequence>
      </xs:complexType>

3. XSL File(s) (as far as the figure shows it):

    <?xml version="1.0" encoding="UTF-8"?>
    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
      <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
      <xsl:template match="/">
        <html>
          <head>
            <title> CUSTOMER ADDRESS AND PHONE LIST</title>
          </head>
          <body>

4. XML parser, 5. XSL parser: Transformation Process (XSLT), producing the HTML document:

    CUSTOMER ADDRESS AND PHONE LIST
    Jacqui Chetty
    Street: 25 Motor Street
    City: Melville

Now that we have established a clearer understanding of the bigger picture, let’s have a look at the components in more detail, starting with the DTD.

2.4.1. Document Type Definitions (DTD)

When working with XML a document type definition (DTD) or an XML schema needs to be developed (although this is not mandatory). This document modeling provides rules and structure for the XML language with a document that contains valid components and structural relationships among the components. With a DTD, each of your XML files can carry a description of its own format with it. This allows independent groups of people to agree on the use of a common DTD for interchanging data.

DTD’s do have drawbacks and this was widely known when XML 1.0 was accepted as a Recommendation by the World Wide Web Consortium (W3C) in 1998 (2). These shortcomings are:
(a) DTD’s have their own syntax which is different to that of XML and this means that it cannot be processed by a standard XML parser;
(b) DTD’s have a limited ability to describe data, for example if an element is a number it cannot be indicated;
(c) DTD’s have limited support for namespaces, meaning that elements cannot have the same name without being in conflict (namespaces are discussed in paragraph 2.4.2.4);

The DTD provides a model for the XML document by creating a set of allowed elements. The DTD therefore forms the vocabulary of the language (26). This content model is a pattern that indicates what elements or data can be nested within other elements, the order in which they may appear, how many are allowed and whether they are mandatory or optional. The DTD also includes a set of allowed attributes, which could be anything from the datatype of the element, the default value or any other related behaviour. Figure 2.5 below illustrates a typical DTD.

Figure 2.5 – Data Type Definition

    <?xml version="1.0" encoding="UTF-8"?>
    <!-- edited with XML Spy v4.3 (http://www.xmlspy.com) by Jacqui Chetty (Technikon Witwatersrand) -->
    <!ELEMENT Company (Name, Department+)>
    <!ELEMENT Name (#PCDATA)>
    <!ELEMENT Department (Name, Employee*)>
    <!ELEMENT Employee (FirstName, LastName, (PartTime | FullTime))>
    <!ATTLIST Employee EmpID ID #REQUIRED >
    <!ELEMENT FirstName (#PCDATA)>
    <!ELEMENT LastName (#PCDATA)>
    <!ELEMENT PartTime EMPTY>
    <!ATTLIST PartTime HourlyRate CDATA "$9.75" >
    <!ELEMENT FullTime (StockOptionGrant*)>
    <!ATTLIST FullTime Salary CDATA #REQUIRED
                       BenefitPkg (Tier1 | Tier2 | Tier3) "Tier1" >
    <!ELEMENT StockOptionGrant EMPTY>
    <!ATTLIST StockOptionGrant TotalOptions CDATA #REQUIRED
                               StrikePrice CDATA #REQUIRED >

(The figure labels the first two lines as the prolog, the <!ELEMENT ...> lines as element declarations and the <!ATTLIST ...> lines as attribute list declarations.)

Whereas the XML document represents the data, the DTD sets the rules. Figure 2.5 illustrates various element rules or structure. The element:

    <!ELEMENT Employee (FirstName, LastName, (PartTime | FullTime))>

(highlighted in Figure 2.5), is the Employee element, which must consist of the tags FirstName and LastName and have either a FullTime or a PartTime tag. These are the rules that the XML document must adhere to. Attached to the group of elements are the attribute list declarations (as seen in Figure 2.5). These attributes provide further rules that need to apply to the element(s). The attribute:

    <!ATTLIST Employee EmpID ID #REQUIRED >

indicates that the EmpID field must be filled and cannot be left blank. If you have ever filled in an electronic form there are certain fields that are mandatory. The same concept applies here. It is not necessary to understand figure 2.5 completely. It is enough to glance over it so that the overall structure is understood. Figure 2.6 illustrates the related XML document.

Figure 2.6 – Related XML document

    <?xml version="1.0" encoding="UTF-8"?>
    <!-- edited with XML Spy v4.3 (http://www.xmlspy.com) by Jacqui Chetty (Technikon Witwatersrand) -->
    <!DOCTYPE Company SYSTEM "D:\RAU\home\jacqui\Ch04\company.dtd">
    <Company>
      <Name>AcmeCo</Name>
      <Department>
        <Name>IT</Name>
        <Employee EmpID="_001">
          <FirstName>Erica</FirstName>
          <LastName>Reynolds</LastName>
          <PartTime/>
        </Employee>
        <Employee EmpID="_002">
          <FirstName>David</FirstName>
          <LastName>Campbell</LastName>
          <FullTime Salary="$60,000" BenefitPkg="Tier2">
            <StockOptionGrant TotalOptions="15,000" StrikePrice="$0.70"/>
          </FullTime>
        </Employee>
      </Department>
    </Company>

(The figure labels the <!DOCTYPE ...> line as the external DTD reference.)

To recap, the XML document is created as illustrated in figure 2.6 and, together with the DTD as seen in figure 2.5, forms the two main documents that are parsed and eventually form the HTML document (or any other visually attractive document). The DTD defines the rules and the XML document contains the content. Note how figure 2.6 directly relates to figure 2.5, as it should. The element <Employee> has the mandatory tags and data, namely:

    <Employee EmpID="_001">
      <FirstName>Erica</FirstName>
      <LastName>Reynolds</LastName>
      <PartTime/>
    </Employee>

Figure 2.5 illustrates the rules, namely:

    <!ATTLIST Employee EmpID ID #REQUIRED >
    <!ELEMENT FirstName (#PCDATA)>
    <!ELEMENT LastName (#PCDATA)>
    <!ELEMENT PartTime EMPTY>
    <!ATTLIST PartTime HourlyRate CDATA "$9.75" >

The attribute rule has also been adhered to by placing a value, “_001”, in the EmpID attribute.
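The relationship between Figure 2.5 and Figure 2.6 can be checked mechanically. The following Python is an added example, not part of the dissertation: it turns the element and attribute list declarations of Figure 2.5 into checks and applies them to the Figure 2.6 document and to a constructed invalid variant. The function names, the DTD embedded as a string (instead of resolving the SYSTEM path) and the simplified ID name rule are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Declarations of Figure 2.5, embedded as text (the SYSTEM path is not resolved).
DTD = """
<!ELEMENT Company (Name, Department+)>
<!ELEMENT Name (#PCDATA)>
<!ELEMENT Department (Name, Employee*)>
<!ELEMENT Employee (FirstName, LastName, (PartTime | FullTime))>
<!ATTLIST Employee EmpID ID #REQUIRED>
<!ELEMENT FirstName (#PCDATA)>
<!ELEMENT LastName (#PCDATA)>
<!ELEMENT PartTime EMPTY>
<!ATTLIST PartTime HourlyRate CDATA "$9.75">
<!ELEMENT FullTime (StockOptionGrant*)>
<!ATTLIST FullTime Salary CDATA #REQUIRED
                   BenefitPkg (Tier1 | Tier2 | Tier3) "Tier1">
<!ELEMENT StockOptionGrant EMPTY>
<!ATTLIST StockOptionGrant TotalOptions CDATA #REQUIRED
                           StrikePrice CDATA #REQUIRED>
"""

# Document of Figure 2.6; the DOCTYPE line is omitted because the DTD is passed separately.
VALID_DOC = """<Company>
  <Name>AcmeCo</Name>
  <Department>
    <Name>IT</Name>
    <Employee EmpID="_001">
      <FirstName>Erica</FirstName><LastName>Reynolds</LastName><PartTime/>
    </Employee>
    <Employee EmpID="_002">
      <FirstName>David</FirstName><LastName>Campbell</LastName>
      <FullTime Salary="$60,000" BenefitPkg="Tier2">
        <StockOptionGrant TotalOptions="15,000" StrikePrice="$0.70"/>
      </FullTime>
    </Employee>
  </Department>
</Company>"""

# Constructed invalid variant: bad ID, missing LastName, missing Salary, unknown tier.
INVALID_DOC = (VALID_DOC
               .replace('EmpID="_001"', 'EmpID="001"')
               .replace("<LastName>Reynolds</LastName>", "")
               .replace('Salary="$60,000" BenefitPkg="Tier2"', 'BenefitPkg="Tier9"'))

ID_NAME = re.compile(r"[A-Za-z_][\w.\-]*")  # simplified form of the XML Name rule


def parse_dtd(dtd_text):
    """Return ({element: content rule}, {element: {attribute: (type, default)}}).

    Handles the forms used in Figure 2.5: EMPTY, (#PCDATA) and element content.
    """
    elements, attlists = {}, {}
    for name, model in re.findall(r"<!ELEMENT\s+(\S+)\s+(.*?)>", dtd_text, re.S):
        model = model.strip()
        if model in ("EMPTY", "(#PCDATA)"):
            elements[name] = model
        else:
            # Each child name becomes the token "Name;", the sequence commas are
            # dropped, and | + * ? keep the meaning they already have in a regex.
            rx = re.sub(r"[A-Za-z_][\w.\-]*",
                        lambda m: "(?:%s;)" % re.escape(m.group()), model)
            elements[name] = re.compile(re.sub(r"[\s,]", "", rx))
    for name, body in re.findall(r"<!ATTLIST\s+(\S+)\s+(.*?)>", dtd_text, re.S):
        tokens = iter(re.findall(r"\([^)]*\)|\"[^\"]*\"|'[^']*'|\S+", body))
        for attr, atype, default in zip(tokens, tokens, tokens):
            if default == "#FIXED":
                next(tokens, None)  # skip the fixed value that follows
            attlists.setdefault(name, {})[attr] = (atype, default)
    return elements, attlists


def validate(xml_text, dtd_text):
    """Return a list of validity errors (empty when the document obeys the DTD)."""
    elements, attlists = parse_dtd(dtd_text)
    errors, seen_ids = [], set()
    for el in ET.fromstring(xml_text).iter():
        rule = elements.get(el.tag)
        children = "".join(child.tag + ";" for child in el)
        if rule is None:
            errors.append(f"<{el.tag}>: element is not declared")
            continue
        if rule == "EMPTY" and (len(el) or el.text):
            errors.append(f"<{el.tag}>: declared EMPTY but has content")
        elif rule == "(#PCDATA)" and len(el):
            errors.append(f"<{el.tag}>: child elements not allowed in #PCDATA")
        elif not isinstance(rule, str) and not rule.fullmatch(children):
            errors.append(f"<{el.tag}>: content '{children}' does not match its model")
        declared = attlists.get(el.tag, {})
        for attr in el.attrib:
            if attr not in declared:
                errors.append(f"<{el.tag}>: attribute {attr} is not declared")
        for attr, (atype, default) in declared.items():
            value = el.get(attr)
            if value is None:
                if default == "#REQUIRED":
                    errors.append(f"<{el.tag}>: required attribute {attr} is missing")
            elif atype.startswith("(") and value not in re.findall(r"[^\s|()]+", atype):
                errors.append(f"<{el.tag}>: {attr}='{value}' is not one of {atype}")
            elif atype == "ID" and not ID_NAME.fullmatch(value):
                errors.append(f"<{el.tag}>: {attr}='{value}' is not a valid ID name")
            elif atype == "ID" and value in seen_ids:
                errors.append(f"<{el.tag}>: duplicate ID {attr}='{value}'")
            elif atype == "ID":
                seen_ids.add(value)
    return errors


if __name__ == "__main__":
    for problem in validate(INVALID_DOC, DTD):
        print(problem)
```

The ID check is why the EmpID values in Figure 2.6 start with an underscore: an attribute of type ID must be a valid XML name and must be unique within the document.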

(42) Chapter 2 – Overview Of XML. The XML document and DTD can be a combined document as illustrated in Figure 2.7. This is called an internal DTD as opposed to Figure 2.5 which illustrates an external DTD consisting of a completely separate XML document as illustrated in Figure 2.6. Figure 2.7 – XML Document With Internal DTD. Internal DTD. XML document. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE Contact [ <!ELEMENT Contact (Name, PhoneNumber, FaxNumber, Email)> <!ELEMENT Name (FirstName, LastName)> <!ELEMENT FirstName (#PCDATA)> <!ELEMENT LastName (#PCDATA)> <!ELEMENT PhoneNumber (#PCDATA)> <!ELEMENT FaxNumber (#PCDATA)> <!ELEMENT Email (#PCDATA)> ]> <Contact> <Name> <FirstName>Jack</FirstName> <LastName>Cunningham</LastName> </Name> <PhoneNumber>204-555-1234</PhoneNumber> <FaxNumber>204-555-4321</FaxNumber> <Email>[email protected]</Email></Contact>. To recap, DTD’s define the rules for an XML document that contains the data to which the rules need to be applied. DTD’s were derived from SGML. XML being a smaller version of SGML therefore inherited DTD’s. As was mentioned in paragraph 2.4.1, DTD’s do have shortcomings. These shortcomings are most certainly not the only shortcomings so the W3C formed an XML Schema Working Group that has created a standard referred to as XML Schema or XSchema. XML Schema allows you to easily specify relationships between elements but it is also a lot more complex and requires a fair amount of learning. Schemas will be replacing DTD’s (3). Converting existing DTD’s to Schemas is possible. 2.4.2. Schemas. Due to DTD’s having drawbacks, the W3C formed a new recommendation in the form of XML Schemas, that are written in XML. The developer therefore does not have to learn grammar. Schemas are the standard that will be utilized in the future (2). However, DTD’s can be converted into schemas. Once the schema has been developed the next step is to transform the structure/rules (schema) into a working document. 
Schemas are a standardized way of describing the structure of information within the XML document (27). A schema provides the same output as a DTD, but because it is the accepted recommendation by the W3C (2) it will be used in the future. Where a DTD is simple and restrictive, a schema can be complicated, yet it allows more flexibility. When making use of an Integrated Development Environment (IDE) like XML Spy, a schema can easily be created using windows, drop-down menus and other graphical user interfaces. XML Spy creates an environment that allows the schema to be created in a schema design view that is similar to creating a flowchart. The various elements form the flowchart, and various restrictions or attributes can be added to the elements. For example, an element "DiscountCode" can be restricted to the datatype "integer" and cannot be given a value of more than "999". This kind of flexibility is not found when creating DTDs. Below are some of the advantages of using schemas as opposed to DTDs.

2.4.2.1. Advantages of Schemas.

Some of the advantages of using a schema are:

- XML Schemas are extensible to future additions;
- XML Schemas are richer and more useful than DTDs;
- XML Schemas are written in XML and support data types;
- XML Schemas support namespaces.

Namespaces are an important aspect of XML and are used in DTDs and schemas. Because namespaces are utilized frequently, a brief explanation of namespaces is appropriate. XML Namespaces provide a method to avoid element name conflicts (3).

2.4.2.2. What Are Name Conflicts?

Since element names in XML are not fixed, very often a name conflict will occur when two different documents use the same names to describe two different types of elements. For example, this XML document carries information in a table (fruit):

    <table>
      <tr>
        <td>Apples</td>
        <td>Bananas</td>
      </tr>
    </table>

This XML document also carries information about a table (a piece of furniture):

    <table>
      <name>African Coffee Table</name>
      <width>80</width>
      <length>120</length>
    </table>

If these two XML documents were added together, there would be an element name conflict because both documents contain a <table> element with different content and definition.

2.4.2.3. Solving Name Conflicts Using A Prefix.

One way of solving the naming conflict is as follows. This XML document carries information in a table:

    <h:table>
      <h:tr>
        <h:td>Apples</h:td>
        <h:td>Bananas</h:td>
      </h:tr>
    </h:table>

This XML document carries information about a piece of furniture:

    <f:table>
      <f:name>African Coffee Table</f:name>
      <f:width>80</f:width>
      <f:length>120</f:length>
    </f:table>

Now the element name conflict is eliminated because the two documents use a different name for their <table> element, namely <h:table> and <f:table>. By using a prefix, we have created two different types of <table> elements. This is a relatively primitive way of solving the problem though. A much more sophisticated way is to make use of namespaces.

2.4.2.4. Using Namespaces.

To illustrate namespaces, an XML document carries information in a table:

    <h:table xmlns:h="http://www.w3.org/TR/html4/">
      <h:tr>
        <h:td>Apples</h:td>
        <h:td>Bananas</h:td>
      </h:tr>
    </h:table>

Another XML document also carries information about a piece of furniture:

    <f:table xmlns:f="http://www.w3schools.com/furniture">
      <f:name>African Coffee Table</f:name>
      <f:width>80</f:width>
      <f:length>120</f:length>
    </f:table>

Instead of using only prefixes, an xmlns attribute has been added to the <table> tag to give the element prefix a qualified name associated with a namespace.

2.4.2.4.1. The Namespace Attribute (xmlns).

The namespace attribute is placed in the start tag of an element and has the following syntax:

    xmlns:namespace-prefix="namespace"

In the example below, the namespace itself is defined using an Internet address:

    xmlns:f="http://www.w3schools.com/furniture"

Note: The address used to identify the namespace is not used by the parser to look up information. The only purpose is to give the namespace a unique name. However, very often companies use the namespace as a pointer to a real Web page containing information about the namespace. It also guarantees uniqueness. The W3C namespace specification states that the namespace itself should be a Uniform Resource Identifier (URI).

2.4.2.4.2. Uniform Resource Identifiers.

A Uniform Resource Identifier (URI) is a string of characters that identifies an Internet Resource. The most common URI is the Uniform Resource Locator (URL) that identifies an Internet domain address. Another, not so common type of URI is the Universal Resource Name (URN).

2.4.2.4.3. Default Namespaces.

When a namespace is defined in the start tag of an element, all child elements with the same prefix are associated with the same namespace. A default namespace has the following syntax:

    <element xmlns="namespace">
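The namespace rules in this section (a prefix is only a local alias, the URI is an opaque name that the parser never fetches, and a default namespace needs no prefix at all) can be seen in how a parser reports element names. The following is an added example, not part of the dissertation: it merges the page's two <table> documents under a constructed `<catalog>` root, and the extra `Desk` and `Pears` tables and the `x` prefix are assumptions made to show the default-namespace and alternative-prefix forms.

```python
import xml.etree.ElementTree as ET

HTML_NS = "http://www.w3.org/TR/html4/"
FURN_NS = "http://www.w3schools.com/furniture"

# Constructed sample: the page's two <table> documents merged under one root.
# The <catalog> root, the Desk/Pears tables and the x prefix are assumptions.
MERGED = f"""<catalog xmlns:h="{HTML_NS}" xmlns:f="{FURN_NS}">
  <h:table><h:tr><h:td>Apples</h:td><h:td>Bananas</h:td></h:tr></h:table>
  <f:table><f:name>African Coffee Table</f:name><f:width>80</f:width><f:length>120</f:length></f:table>
  <table xmlns="{FURN_NS}"><name>Desk</name></table>
  <x:table xmlns:x="{HTML_NS}"><x:tr><x:td>Pears</x:td></x:tr></x:table>
</catalog>"""


def split_qname(tag):
    """Split ElementTree's '{uri}local' form into (uri, local)."""
    if tag.startswith("{"):
        uri, local = tag[1:].split("}", 1)
        return uri, local
    return "", tag


def tables_by_namespace(xml_text):
    """Group every <table> by namespace URI, listing its leaf text values."""
    groups = {}
    for el in ET.fromstring(xml_text).iter():
        uri, local = split_qname(el.tag)
        if local == "table":
            # The prefix used in the source text plays no part here: only the
            # URI string it was bound to decides which kind of table this is.
            leaves = [c.text for c in el.iter() if len(c) == 0 and c.text]
            groups.setdefault(uri, []).append(leaves)
    return groups
```

Code that decides what an element means should compare the namespace URI string, as here, and never the prefix, which the document author is free to choose.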

This XML document carries information about a table:

    <table xmlns="http://www.w3.org/TR/html4/">
      <tr>
        <td>Apples</td>
        <td>Bananas</td>
      </tr>
    </table>

This XML document carries information about a piece of furniture:

    <table xmlns="http://www.w3schools.com/furniture">
      <name>African Coffee Table</name>
      <width>80</width>
      <length>120</length>
    </table>

Figure 2.8 below illustrates a schema. Namespaces are used and can be clearly seen. It is not necessary to understand this listing, and it should only be glanced at. Figure 2.8 should be viewed together with Figure 2.9.

Figure 2.8 – Part Of A Schema

    <?xml version="1.0" encoding="UTF-8"?>
    <!-- edited with XML Spy v4.3 (http://www.xmlspy.com) by Jacqui Chetty (Technikon Witwatersrand) -->
    <xs:schema targetNamespace="http://tlsales.com/namespace"
               xmlns="http://tlsales.com/namespace"
               xmlns:xs="http://www.w3.org/2001/XMLSchema"
               elementFormDefault="qualified"
               attributeFormDefault="unqualified">
      <xs:element name="TLSales">
        <xs:annotation>
          <xs:documentation>TLSales customer schema</xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element name="Address" type="AddressType"/>
            <xs:element ref="Customer" maxOccurs="unbounded"/>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
      <xs:complexType name="AddressType">
        <xs:sequence>
          <xs:element name="Name" type="xs:string"/>
          <xs:element name="Street" type="xs:string"/>
          <xs:element name="City" type="xs:string"/>
        </xs:sequence>
      </xs:complexType>
      <xs:complexType name="Cdn-Address">
        <xs:complexContent>
          <xs:extension base="AddressType">
            <xs:sequence>
              <xs:element name="PostalCode" type="xs:string"/>
              <xs:element name="Province" type="xs:string"/>
            </xs:sequence>
          </xs:extension>
        </xs:complexContent>
      </xs:complexType>
      <xs:element name="Customer">
        <xs:complexType>
          <xs:sequence>
            <xs:element name="First" type="xs:string"/>
            <xs:element name="Last" type="xs:string"/>
            <xs:element name="Phone" type="xs:string"/>
            <xs:element name="Fax" type="xs:string"/>
            <xs:element name="Email" type="xs:string"/>
            <xs:element name="DiscountCode">
              <xs:simpleType>
                <xs:restriction base="xs:integer">
                  <xs:maxInclusive value="999"/>

Figure 2.8 may look long and complicated, but when a developer creates the schema in XML Spy, it is created in a design view as shown in Figure 2.9. Developing the schema in the design view is a lot easier, because it makes use of visual graphics that allow the user to quickly build the data structure. XML Spy will then generate the code as reflected in Figure 2.8.

Figure 2.9 – A Schema Design View [diagram: TLSales contains Address (Name, Street, City) and Customer (First, Last, Phone, Fax, Email, DisctCode)]

The next section is a complete example illustrating an XML document with a DTD and a Schema.

2.4.2.5. A Complete Example

(a). A Simple XML Document.

The simple XML document is called "rememberme.xml".
