You are in: ECommerce-Guide > News > Trends

ECommerce-Guide Essentials eBiz FAQ Everything you need to know to start your own successful e-business. Selling on eBay How to make money in the online marketplace. PayPal Payments and More What's new in secure payments for your online store. Shopping Cart Software Solutions to close, process and track your online sales.

More Than A Language -- XML Is A Security Tool Too!
By Mark Merkow, CCP, CISSP
May 13, 1999

Some Banking Initiatives Using XML

As you begin to appreciate the value of enabling this degree of security on Internet communications, you can also begin to appreciate their value, especially where e-commerce is concerned.

XML as a potential security solution doesn''t stop with IBM''s Security Suite. The Signed Document Markup Language (SDML) is also working its way through the IETF process. Its intent is fourfold:

• Tag individual text items within a document
• Group the text items into document parts which can have business meaning and can be signed individually or together
• Allow document parts to be added and deleted without invalidating previous signatures, and
• Allow signing, co-signing, endorsing, co-endorsing, and witnessing operations on documents and document parts.

SDML is a part of the Electronic Check Project from the Financial Services Technology Consortium (FSTC). Another initiative from FSTC is called the Bank Internet Payment System, or BIPS. It includes a protocol for sending payment instructions to banks via the Internet, along with a payment server architecture for processing those payment instructions. Appendix G of the specification includes the XML structures and DTDs for BIPS.

Characteristics of Network Payment Protocol (NPP)-specific messages include:

• All messages are in XML
• All messages begin with a BIPS XML header
• All fields are self-identifying
• All messages are signed
• All messages include the originator''s certificate
• All request messages include a user-supplied transaction number
• All message responses include the signature of the user on the original request
• All response messages include a bank-supplied transaction number and the user-supplied transaction number.

As industry leaders respond to the demands of corporate suppliers and financial services institutions, a synergy forms, enabling far more than either could possibly achieve alone. Once the security requirements are met with industrial-strength solutions that are reliable, predictable, and impervious to attacks, the dreams of global electronic commerce come that much closer to bearing irresistible fruits.

Tools:

Add ecommerce-guide.com to your favorites Add ecommerce-guide.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed