APPLE iPOD
Tuesday, January 15, 2008
Saturday, January 5, 2008
XML security
XML security
The subject of XML security is quite over-hyped. The whole idea of XML security can be simply described as applying common-sense security technology to a specific format, known as XML. XML security is classically described as a combination of XML Encryption and XML Digital Signature. We shall review these concepts in this article.
XML Encryption
The most interesting part about XML encryption is that we can encrypt an entire document, or its selected portions. This is very difficult to achieve in the non-XML world. We can encrypt one or all of the following portions of an XML document:
* The entire XML document
* An element and all its sub-elements
* The content portion of an XML document
* A reference to a resource outside of an XML document
The steps involved in XML encryption are quite simple, and are as follows:
1. Select the XML to be encrypted (one of the items listed earlier, i.e. all or part of an XML document).
2. Convert the data to be encrypted in a canonical form (optional).
3. Encrypt the result using public key encryption.
4. Send the encrypted XML document to the intended recipient.
The following a sample XML document, containing the details of a credit card of a user
We shall not describe the various details of this XML document, and would simply remark that it contains the credit card details, such as the user’s name, credit limit, currency, card number, issuer name and expiry details. Let us assume that we want to encrypt this. When we perform XML encryption, a standard tag called as EncryptedData comes into picture. As we have mentioned before, we can choose to encrypt selected portions of the XML document, or we can encrypt it as a whole. For illustration purposes, we shall see what happens when we encrypt only the actual credit card details (such as its number, issuer and expiry details). The result is shown in the figure below. We can see that the encrypted text is embedded inside the tag CipherData. This is another standard tag in XML encryption.
As we can see, the credit card details are now encrypted, and therefore, cannot be read/changed. The fact that we have encrypted the contents of the XML document is signified by using the xmlenc#Content value. If we had encrypted the full CreditCard element, this would have been changed to xmlenc#Element.
XML Digital Signature
As we can see, a digital signature is calculated over the complete message. It cannot be calculated only for specific portions of a message. The simple reason for this is that the first step in a digital signature creation is the calculation of the message digest over the whole message. Many practical situations demand that users be able to sign only specific portions of a message. For instance, in a purchase request, the purchase manager may want to authorize only the quantity portion, whereas the accounting manager may want to sign only the rate portion. In such cases, XML digital signatures can be used. This technology treats a message or a document as consisting of many elements, and provide for the signing of one or more such elements. This makes the signature process flexible and more practical in nature.
Posted by zameer at 3:55 AM 0 comments
Eclipse vs NetBeans
Eclipse vs NetBeans
Eclipse vs NetBeans ...On which side are you on? Let us know which IDE you think is better and why.
Think of Java IDEs and two names that will come up are Eclipse and NetBeans. I have been using NetBeans for many years now and Eclipse has been a more recent addition to my Java armory. I have enjoyed working with both tools and as such don't have a clear favorite. I prefer NetBeans a little more than Eclipse as I have been using it longer and am more comfortable with it.
The thing I am most surprised about is how rapidly Eclipse has grown and how it has well and truly eclipsed NetBeans over the past year or so.
In the article: Migrating to Eclipse: A developer's guide to evaluating Eclipse vs. Netbeans, the author shows the differences between the two IDEs.
Just Eclipse or Eclipse in its WSAD avatar or MyEclipseIDE avatar is definitely good but hey..is it so good that nobody wants to be talk of NetBeans these days??? I haven't as yet tried out the new NetBeans 4 Beta 2 but I do hope it is very good. So that the competition between Eclipse and NetBeans stays fierce and there is no clear winner.
The end user gets two very good IDEs.
Posted by zameer at 3:29 AM 0 comments
Apache Axis2 Offers Next Generation Web Services
Apache Axis2 Offers Next Generation Web Services
Axis2 is the next generation of the Apache Web service stack, that's built on a new flexible and configurable architecture. Axis2 has introduced a J2EE-like easily configurable deployment model, where the developer can bundle files into an archive file, and just drop it into a specified location in the file system. Axis2 uses AXIs Object Model (AXIOM), an XML object model meant to achieve a boost in performance. All this makes Axis2 our java developer software pick for the week
The Axis2 site says "One of the key motivations for Axis2 is to provide a clean and simple environment for implementations of associated WS standards such as Apache Sandesha and Apache WSS4J. Implementations of associated standards should be able to easily interface with the base SOAP Message handling system. In summary, Axis2 has a more modular and flexible message handling pipeline. It focuses on the details of message handling and provides clear hooks for implementations of associated Web Services standards and protocols. This evolution will allow Axis to be a foundational technology for next generation Web Services.
Apache Axis2 Version 0.94 was released recently and can be downloaded from here . The complete feature list for Axis2, as of version 0.94 is as follows:
1. AXIOM (AXis Object Model), an XML object model working on StAX (Streaming API for XML) parsing optimized for SOAP 1.1/1.2 Messages. This has complete XML infoset support.
2. Support for One-Way Messaging (In-Only) and Request Response Messaging (In-Out)
3. Module Architecture, mechanism to extend the SOAP Processing Model
4. Module version support , can have multiple versions of the same module and use them depending on the requirement.
5. Content hierarchy
6. Archive based deployment Model and Directory based deployment model
7. JWS like deployment (making Java class into Web service)
8. WSDL Code Generation Tool for Stub and skeletons
9. WS-Addressing, both the submission (2004/08) and final (2005/08) versions
10. WSS4J module for security
11. Improved and user friendly Client API
12. WSDL2Java
13. REST (REpresentational State Transfer) Support
14. Transports supports: HTTP, SMTP, TCP, JMS
15. Raw XML providers
16. Support for MTOM/ MIME/ SwA
17. SAAJ implementation
18. DOOM - New Feature
19. Pack/Unpack capability for the generated code- New Feature
20. Axis Data Binding - ADB (Framework and Schema Compiler)
21. Numerous bug fixes since last release
Posted by zameer at 3:26 AM 0 comments
Spket IDE
Spket IDE
Spket IDE is powerful toolkit for JavaScript and XML development.
The powerful editor for JavaScript, XUL/XBL and Yahoo! Widget development. The JavaScript editor provides features like code completion, syntax highlighting and content outline that helps developers productively create efficient JavaScript code.
What's new
Spket IDE 1.6.5 released - 1 Jan 2008
* Toggle Mark Occurrences for JavaScript, screenshot
* Add/Remove comment for JavaScript.
* Minor bugfixes and feature enhancements.
Posted by zameer at 3:22 AM 0 comments
Web Stats
Pay Roll Advance