
Protecting information through XML messaging and business portals

We are looking to send an XML message on a B2B basis. We want the client, Mr. X, to send a request for data to Company Y, via business portal Z. Part of the XML request will contain a username and password relating to Company Y. In order for business portal Z to forward the request they will need to decrypt the request. Unfortunately this means that they will be able to view the username and password. Is there a way to protect the username/password so that the business portal Z cannot view it but Company Y can?

In your case, since Client X and Company Y do not have a direct trust relationship established, but both X and Y trust Z as an independent third party to forward the data, it would be better if Portal Z can provide a digital signature to both X and Y, which allows them both to authenticate users without a formal agreement between them. This means you do not need to provide any usernames or passwords in your XML messages, as the authentication will be done using digital signatures.

Also, since you are already using XML, considering incorporation of SAML (Security Assertion Markup Language) would help resolve most of your security issues. SAML allows companies to exchange authentication, authorization, and profile information securely regardless of platform. The idea of using SAML is to provide a common language for security between companies in B2B and B2C business transactions.

For more information on SAML, you can refer to the following links.

http://xml.coverpages.org/saml.html

http://www.netegrity.com/products/index.cfm?leveltwo=SAML

http://www.oasis-open.org/committees/security/

This was last published in March 2002
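
The arrangement the answer describes, as an added example that is not part of the original answer: portal Z signs a short-lived assertion about client X, and Company Y verifies it with Z's public key, so no Company Y password passes through the portal. The element layout, the names `issueAssertion` and `verifyAssertion`, and the Ed25519 key are assumptions; the element is a simplified stand-in for a SAML assertion, not the SAML schema.

```javascript
const nodeCrypto = require('crypto');

// Constructed key pair for portal Z; Company Y is assumed to already
// hold Z's public key through an out-of-band exchange.
const portalZ = nodeCrypto.generateKeyPairSync('ed25519');

// Portal Z: after authenticating client X itself, issue a signed,
// time-limited statement addressed to one recipient (the audience).
function issueAssertion(privateKey, subject, audience, nowMs, ttlMs = 5 * 60 * 1000) {
  for (const v of [subject, audience]) {
    // Reject anything that could break out of the attribute value.
    if (!/^[\w.@-]+$/.test(v)) throw new Error('invalid identifier');
  }
  const xml =
    `<Assertion issuer="portal-z" subject="${subject}" audience="${audience}" ` +
    `notBefore="${nowMs}" notOnOrAfter="${nowMs + ttlMs}"/>`;
  const signature = nodeCrypto.sign(null, Buffer.from(xml), privateKey).toString('base64');
  return { xml, signature };
}

// Company Y: verify the signature over the exact bytes received first,
// and only then read any field from the assertion.
function verifyAssertion(publicKey, msg, expectedAudience, nowMs) {
  const ok = nodeCrypto.verify(
    null, Buffer.from(msg.xml), publicKey, Buffer.from(msg.signature, 'base64'));
  if (!ok) return { accepted: false, reason: 'bad signature' };

  const attr = (name) => (msg.xml.match(new RegExp(` ${name}="([^"]*)"`)) || [])[1];
  if (attr('audience') !== expectedAudience) {
    return { accepted: false, reason: 'wrong audience' };
  }
  const notBefore = Number(attr('notBefore'));
  const notOnOrAfter = Number(attr('notOnOrAfter'));
  // Written so that a missing or non-numeric bound (NaN) is rejected.
  if (!(nowMs >= notBefore && nowMs < notOnOrAfter)) {
    return { accepted: false, reason: 'expired or not yet valid' };
  }
  return { accepted: true, subject: attr('subject') };
}
```

Signing and verifying the exact byte string sidesteps XML canonicalization, which a real XML Signature or SAML deployment has to handle through a vetted library.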
