A Study on the Secure ebXML Transaction Models

ebXML (Electronic Business using eXtensible Markup Language) is an e-business standard, sponsored by UN/CEFACT and OASIS, that enables enterprises to exchange business messages, conduct trading relationships, communicate data in common terms, and define and register business processes. While ebXML offers tremendous e-business value, security remains an unsolved problem and one of the largest barriers to its adoption. Recently emerging XML security technologies provide the extensibility and flexibility needed to implement security services such as encryption, digital signatures, access control and authentication. In this paper, we propose ebXML business transaction models that allow trading partners to securely exchange XML-based business transactions by employing these XML security technologies. We show how each XML security technology meets the ebXML standard by constructing test software and validating the messages exchanged between the trading partners.
