Your Gold Box
Search        Browse
       Bestsellers        Magazines        Corporate
& docs
       Bargain Books        Used

Search Web

  buying info
    editorial reviews
    customer reviews

Visit the Sports & Outdoors Store
Exercise & Fitness equipment and apparel to help you get on track and in shape.

So You'd Like to...

learn about the WSE?: A guide by Jeannine Gailey, WSE author

Create your guide

21 used & new from $7.10
Have one to sell?
You could win a
$50 Amazon gift certificate
or the Grand Prize. Start by
adding five items
to your Wish List.
Learn more.
Secure XML: The New Syntax for Signatures and Encryption
by Donald E. Eastlake, Kitty Niles

Availability: Usually ships within 1-2 business days

21 used & new from $7.10

Edition: Paperback

See more product details

Customers who bought this book also bought:
Explore Similar Items: 20 in Books

Customers interested in this title may also be interested in:
Sponsored Links ( What's this? ) Feedback
  • Secure XML Web Services
    DataPower XS40 XML Security Gateway A complete, secure, proven solution

  • Secure XML Encryption
    XML Encryption Tools in C/C# & Java From the Leader in Security Tools

  • Secure XML - Free Kit
    Includes ZapThink analyst Report, Tips & Tricks plus Industry Guide.

Product Details
  • Paperback: 560 pages ; Dimensions (in inches): 1.04 x 9.20 x 7.30
  • Publisher: Pearson Education; 1st edition (July 19, 2002)
  • ASIN: 0201756056
  • Average Customer Review: 5 out of 5 stars Based on 8 reviews.
  • Sales Rank in Books: #437,737
    (Publishers and authors: improve your sales)

Our Customers' Advice
See what customers recommend in addition to, or instead of, the product on this page.
Recommend an item!

See more customer buying advice
Editorial Reviews

From Book News, Inc.
This guide provides a foundation in XML and describes practical techniques for the secure transmission of data. It covers the major features and issues relate to XML security, with attention to authentication, canonization, keying, encryption, and algorithms. Historical background, guidelines, and critical analyses are presented. Flow charts help to outline key processes. Eastlake works in security development. Niles is a technical writer.Book News, Inc.®, Portland, OR

Book Info
Hands-on guide combines a strong foundation in XML with proven, practical techniques for enabling the secure transmission of data across the Web. Fully documents every feature and issue involved with XML security. Softcover.

See all editorial reviews...

All Customer Reviews
Average Customer Review: 5 out of 5 stars
Write an online review and share your thoughts with other customers.

18 of 18 people found the following review helpful:

5 out of 5 stars Seamless coverage of two technical domains, August 7, 2002
Reviewer:   Mike Tarrani "" (Deltona, FL USA) - See all my reviews
This book is actually two books - a thorough technical discussion of XML, SOAP and related technologies, and a detailed description of security infrastructures based on cryptography, digital signatures and encryption. As such it's best suited for two audiences: (1) enterprise security experts who understand the security infrastructure, but who lack a working knowledge of XML (or web services as a whole), and developers and architects who may be thoroughly familiar with XML, but who need to understand security as it applies to XML and related protocols and services. Neither audience may be completely satisfied with the book because half of the material will be too basic. However, it does draw together two groups - security and development - that need to work closely together.

What I like about the book is the clear writing and copious use of illustrations. In fact, the illustrations are a highlight because they help to convey complex topics that would have taken many more pages to explain with text alone (as well as put one to sleep). More importantly, the information is technically accurate, especially with respect to the security-related chapters. It's apparent that the authors know both XML and security exceptionally well.

I also like the comprehensive coverage of both XML (and related technologies) and security, and how the authors take each in insolation, then tie them together into a coherent explanation of how to achieve XML security. This is no small feat, and is also why much of the material in the book may seem too basic or redundant to some readers.

In addition to clear, accurate information the authors are not reticent about expressing views that run counter to mainstream wisdom, which is refreshing and, at times, amusing. Moreover, they do not hesitate to point out weaknesses in any of the technologies discussed in the book.

In my opinion this is an important book that is wide in scope, yet manages to seamlessly cover technical issues that are of interest to two widely different groups (security practitioners and architects/developers).

Was this review helpful to you?   (Report this)


21 of 27 people found the following review helpful:

5 out of 5 stars The book on XML security, September 30, 2002
Reviewer:   Ben Rothke (USA) - See all my reviews
When you read the XML specification, you will notice that it contains no notion of security. Critical security functionalities such as encryption, digital signatures, and authentication are simply not part of the XML standard. XML is similar to many other protocols, languages, and operating systems in that it was originally developed without any thought to security and privacy. It is only after serious security vulnerabilities are discovered and publicized that they are patched. But this find, patch, fix mentality of information security is dangerous in that security problems can exist for months or years before they are found.

Similarly within XML, much of the security functionality has been added post- facto, namely in Canonical XML, XML Signature, and XML Encryption Syntax and Processing. By adding security to the core feature set of XML, the W3C has ensured that,
to a degree, the find, patch, fix method won't be the manner in which XML security is developed. A good reference book can help you navigate this XML security landscape.

Topics such as authentication, encryption, XML signatures, algorithms, and keying are discussed. For the most part, the bulk of XML security is covered.

Donald Eastlake, the lead author of Secure XML: The New Syntax for Signatures and Encryption, is the co-chairman of the joint IETF/W3C XML Digital Signature working group, a member of the W3C Encryption and W3C XML Key Management System working groups, and co-author of the XML Digital Signature, XML Encryption, and XML Exclusive Canonicalization standards. It is clear that Eastlake lives and breathes XML. As Eastlake is a writer of numerous W3C XML standards, and standards are often written in a terse and abstract manner; his book has a slightly stiffer writing style than XML Security. If you can get over this style, you can appreciate the comprehensive and uthoritative look at XML the book provides from one of the key architects of the syntax.

Secure XML covers and details every XML security feature. Also, it spends a lot of time giving examples of syntax and language use. This is especially so in chapter 9, XML Canonicalization - The Key to Robustness. Canonicalization is the extraction of the standard form of some data and the discarding of insignificant aspects of the data's surface representations. The book notes that getting the right canonicalization is one of the most important, yet difficult aspects of digital authentication within XML. Chapter 10 goes into great detail about XML signatures and authentication. The chapter gives numerous code examples of various contexts, schemas, and elements that readers can use on their own XML servers. Chapter 10 also has numerous notes and historical information about XML security with information that can't be found elsewhere.

Was this review helpful to you?   (Report this)


12 of 13 people found the following review helpful:

5 out of 5 stars For an executive novice, this book shines, March 17, 2003
Reviewer:   A reader
In researching business requirements for enterprise web services, it soon became obvious that XML security would be an important issue.

I happened across this book, with a seemingly simple format and am impressed with the information it provides, the progression of information, and how well I was able to understand and comprehend the concepts detailed.

After reading serveral books on XML in general, I would recommend this book to anyone just wanting to learn XML concepts.

I wish more technical books gave me the same feeling of usefulness that this one gave me.

As they say in the movie industry... "An enthusiastic thumbs up"

Was this review helpful to you?   (Report this)


8 of 10 people found the following review helpful:

5 out of 5 stars A much-needed book, February 12, 2003
Reviewer:   David Margrave (Bellevue, WA United States) - See all my reviews
This is a great book. I rarely give a book 5 stars, but this one has earned it.

The author's technical and standards body background is a tremendous help in helping the reader sort out the substance from the hype. This book covers XML and cryptography basics, DTDs, XML Schema, XML digital signatures and encryption, and SOAP.

I like the author's comparisons of XML with other encoding schemes, particularly ASN.1 DER which is prevalent in the security standards world.

Also helpful are the author's "soapbox" comments, which handily dispel the notion that you should accept all parts of a standard as the absolute truth and the final word. For example, "X.500 identities are baroque hierarchical names in which each level of the hierarchy consists of an arbitrary, unordered set of attribute-value pairs. They are just one of the complexities and false assumptions (such as the assumption that everyone would allow themselves to be listed in one global public directory, including companies listing all their employees) that doomed the X.500 Directory as originally conceived". I love it!

You'd be hard pressed to go wrong with this book.

Was this review helpful to you?   (Report this)

See all 8 customer reviews...

Customers who bought titles by Donald E. Eastlake also bought titles by these authors:

So You'd Like To...


Look for similar books by subject:

Browse for books in:

Search for books by subject:
Computer Bks - Languages / Programming
Computer Books: General
Computer Programming Languages
Computer networks
Computer security
Cryptography/Access Control
Data encryption (Computer scie
Programming - General
Programming Languages - HTML
Programming Languages - XML
Security measures
XML (Document markup language)
Computers / Security

i.e., each book must be in subject 1 AND subject 2 AND ...

Where's My Stuff?
• Track your recent orders.
• View or change your orders in Your Account.
Shipping & Returns
• See our shipping rates & policies.
Return an item (here's our Returns Policy).
Need Help?
• Forgot your password? Click here.
Redeem or buy a gift certificate.
Visit our Help department.
Search    for     
Top of Page

Books Search  |  Browse Subjects  |  Bestsellers  |  Magazines  |  Corporate Accounts
e-Books & Docs  |  Bargain Books  |  Used Books Home  |   Directory of All Stores

Our International Sites: Canada   |   United Kingdom   |   Germany   |   Japan   |   France

Contact Us  |   Help  |   Shopping Cart  |   Your Account  |   Sell Items  |   1-Click Settings

Investor Relations  |   Press Releases  |   Join Our Staff

Conditions of Use | Privacy Notice © 1996-2004,, Inc. or its affiliates