BKSECXML.RVW   20020831

"Secure XML", Donald E. Eastlake/Kitty Niles, 2003, 0-201-75605-6,
U$44.99/C$69.99
%A   Donald E. Eastlake III
%A   Kitty Niles
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D   2003
%G   0-201-75605-6
%I   Addison-Wesley Publishing Co.
%O   U$44.99/C$69.99 416-447-5101 fax: 416-443-0948
%P   532 p.
%T   "Secure XML: The New Syntax for Signatures and Encryption"

Part one is introductory material. Chapter one is about XML (eXtensible Markup Language), but is not very clear, especially in regard to the relationship between XML, SGML (Standard Generalized Markup Language), and HTML (HyperText Markup Language). Security concepts do not play a big part. The tutorial on cryptography, in chapter two, is very simplistic, uses obtuse language, and is much harder on the reader than is really necessary.

Part two deals with the basics of XML. Chapters three through eight present some of the syntax and structure of XML documents, DTDs (Document Type Definitions), Schemas (particularly unclear), XPath, XPointer, and SOAP. That is about all they provide: the material is not helpful in explaining uses, or how the parts fit into a framework or package.

Part three covers canonicalization and authentication. Canonicalization is important to authentication, as chapter nine points out, because it allows us to eliminate meaningless differences between essentially the same file, as when different file systems use varying newline characters or sequences. Ordinarily, such differences would result in differences in hash code results, and therefore a false failure of authentication. Chapter ten outlines signature syntax, while eleven talks very briefly about the XMLDSIG standard for digital signatures, and twelve reviews the European Telecommunications Standards Institute's (ETSI) somewhat more advanced signatures.

Part four looks at keying, with the KeyInfo element in chapter thirteen, and XKMS key management in fourteen.
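The point chapter nine makes about canonicalization, shown as an added example (not code from the book or this review): two constructed XML documents that differ only in newline sequence, attribute order and quote style hash differently as raw bytes but identically after Canonical XML, while a real change of content is still detected. It assumes Python 3.8 or later for xml.etree.ElementTree.canonicalize.

```python
# Added example, not from the book or the review: why XML is canonicalized
# before it is hashed or signed. Requires Python 3.8+ for ET.canonicalize
# (Canonical XML 2.0).
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample documents. The first two carry identical content but
# differ only in line-ending sequence, attribute order and quote style;
# the third changes an attribute value, which is a real modification.
DOC_LF = '<order id="7" currency="USD">\n  <item sku="A1"/>\n</order>'
DOC_CRLF = "<order currency='USD' id='7'>\r\n  <item sku='A1'/>\r\n</order>"
DOC_TAMPERED = '<order id="8" currency="USD">\n  <item sku="A1"/>\n</order>'


def raw_digest(xml_text: str) -> str:
    """SHA-256 over the bytes exactly as received, with no canonicalization."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_digest(xml_text: str) -> str:
    """SHA-256 over the Canonical XML form: the parser folds CRLF to LF,
    and the canonicalizer sorts attributes and normalizes their quoting."""
    canonical = ET.canonicalize(xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def same_document(a: str, b: str) -> bool:
    """Compare two XML texts the way a signature verifier should: by
    canonical digest, so cosmetic differences do not cause a false
    authentication failure while content changes are still caught."""
    return canonical_digest(a) == canonical_digest(b)


if __name__ == "__main__":
    print("raw digests equal:      ", raw_digest(DOC_LF) == raw_digest(DOC_CRLF))
    print("canonical digests equal:", same_document(DOC_LF, DOC_CRLF))
    print("tampered still detected:", not same_document(DOC_LF, DOC_TAMPERED))
```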
Chapter fifteen, on the proposed XMLENC standard, and sixteen, containing some discussion of combinations of encryption and signatures, make up part five. Part six, entitled "Algorithms," reviews algorithm specification, in chapter seventeen; available algorithms, in eighteen; and related non-cryptographic algorithms, in nineteen.

The writing is turgid, almost deliberately dense, and fails to provide necessary tutorial details. Those who are well familiar with XML will find some particulars regarding the specific encryption documents, but few others will find the work useful.

copyright Robert M. Slade, 2002