Authors: Dongkyoo Shin, Dongil Shin, Sukil Cha, Seyoung Kim

Abstract:

ebXML (Electronic Business using eXtensible Markup Language) is an e-business standard, sponsored by UN/CEFACT and OASIS, which enables enterprises to exchange business messages, conduct trading relationships, communicate data in common terms and define and register business processes. While there is tremendous e-business value in the ebXML, security remains an unsolved problem and one of the largest barriers to adoption. XML security technologies emerging recently have extensibility and flexibility suitable for security implementation such as encryption, digital signature, access control and authentication. In this paper, we propose ebXML business transaction models that allow trading partners to securely exchange XML based business transactions by employing XML security technologies. We show how each XML security technology meets the ebXML standard by constructing the test software and validating messages between the trading partners.

Keywords: Electronic commerce, e-business standard, ebXML, XML security, secure business transaction.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1079380

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1697

References:

[1] W3C Recommendation, Extensible Markup Language (XML) 1.0 (Second Edition), W3C, T. Bray, J. Paoli, C.M. Sperberg-McQueen, E. Maler, 2000.
[2] Web Services Architecture Working Group Working Draft, Web Services Architecture, Web Services Architecture Working Group, D. Booth, H. Hass, F. McCabe, et. Al., 2003
[3] UN/CEFACT and OASIS Technical Specifications, ebXML Technical Architecture Specification, UN/CEFACT and OASIS, B., C. Barham, 2001.
[4] UN/CEFACT and OASIS Technical Reports, ebXML Technical Architecture Risk Assessment V1.0, UN/CEFACT and OASIS, ebXML Security Team, 2001.
[5] R. Conrad, D. Scheffner, and J. Freytag, "XML conceptual Modeling using UML", 19th International Conference on Conceptual Modeling, Salt Lake City, Utah, U.S.A., 2000.
[6] Transport Layer Security Working Group Internet Draft, The SSL Protocol, Transprot Layer Security Working Group, A.O. Freier, P. Karlton, P.C. Kocher, 1996
[7] IETF RFC. 2311, S/MIME Version 2 Message Specification, Network Working Group, 1998.
[8] ebXML, "Creating a Single Global Electronic Market," http://www.ebxml.org
[9] S. Patil, E. Newcomer, "ebXML and Web Services, Internet Computing", IEEE, Vol. 7, No. 3, May-June.2003, pp. 74-82.
[10] W3C Recommendation, XML Encryption Syntax and Processing, W3C, T. Imamura, B. Dillaway, E. Simon, 2002.
[11] W3C Recommendation, XML Signature Syntax and Processing, W3C, M. Bartel, J. Boyer, B. Fox, B. LaMacchia and E. Simon, 2002.
[12] W. Y. Han, C. S. Park, S. Y. lim, J. H. Kang, "An XML digital signature for Internet e-business applications", International Conferences on Info-tech and Info-net, Beijing China, Vol. 6, No. 29, Oct.2001, pp. 23-29.
[13] W3C Working Draft, XML Key Management Specification (XKMS) Version 2.0, W3C, W. Ford, P. Baker H., B. Fox, B. Dillaway, B. LaMacchia, J. Epstein and J. Lapp., 2003.
[14] OASIS Committee Specification, Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1, OASIS, E. Maler, P. Mishra, R. Philpott R, 2003.
[15] OASIS Std., eXtensible Access Control Markup Language (XACML) Version 1.0 OASIS Standard, OASIS, S. Godik, T. Moses, 2003.
[16] E. Bertino, E. Ferrari, "Secure and selective dissemination of XML documents", ACM Transactions on Information and System Security (TISSEC), Vol. 5, No. 3, Aug.2002.
[17] E. Damiani, S. Vimercati, S. Paraboschi, P. Samarati, "A fine-grained access control system for XML documents", ACM Transactions on Information and System Security (TISSEC), Vol. 5, No. 2, May.2002.
[18] OASIS Technical Committee, Collaboration-Protocol Profile and Agreement Specification Version 2.0, OASIS, S. Aissi, A. Chan. et. al., 2002.
[19] D. J. Polivy, R. Tamassia, "Authenticating Distributed Data using Web Services And XML Signatures", Dynamic Coalitions Program of the Defense Advanced Research Projects Agency under grant F30602-00-2-0509 (2002)
[20] P. Devanbu, M. Gertz, A. Kwong, C. Martel, G. Nuckolls, S. G. Stubblebine, "Flexible authentication of XML documents", ACM Conference on Computer and Communications Security, 2001, pp. 136-145.
[21] IETF RFC. 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Network Working Group, 1999.
[22] Junseok Lee, O.H. Sung, S.-W Jung, K. S. Yoon, C.S. Park and J.-C. Ryou, "A DRM Framework for Distributing Digital Contents through the Internet," ETRI Journal, vol. 25, no. 6, Dec 2003, pp. 423-436
[23] B. Pfitzmann, B. Waidner, "Token-based web Single Signon with Enabled Clients", IBM Research Report RZ 3458 (#93844), Nov.2002.
[24] J. Jeong, D. Shin, D. Shin, K. Moon., "Java-Based Single Sign-On Library Supporting SAML (Security Markup Language) for Distributed Web Services", Lecture Notes in Computer Science, Vol. 3007, 2004.