A References

Table A-1 lists the standards documents and protocols referenced in this document.

Table A-1 Security Standards and Protocols

Document Reference

[AES-128]

W3C Recommendation XML Encryption: XML Encryption Syntax and Processing, 10 December 2002. See Block Encryption Algorithms,http://www.w3.org/2001/04/xmlenc#aes128-cbc and http://www.w3.org/2001/04/xmlenc#kw-aes128

[AES-192]

W3C Recommendation XML Encryption: XML Encryption Syntax and Processing, 10 December 2002. See Block Encryption Algorithms,http://www.w3.org/2001/04/xmlenc#aes192-cbc and http://www.w3.org/2001/04/xmlenc#kw-aes192

[AES-256]

W3C Recommendation XML Encryption: XML Encryption Syntax and Processing, 10 December 2002. See Block Encryption Algorithms,http://www.w3.org/2001/04/xmlenc#aes256-cbc and http://www.w3.org/2001/04/xmlenc#kw-aes256

Cryptography

Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C (2nd Edition), John Wiley and Sons, 1996.

Cryptography

William Stallings, Cryptography and Network Security: Principles and Practice (3rd Edition), Prentice Hall, 2002.

[DES-EDE]

W3C Recommendation XML Encryption: XML Encryption Syntax and Processing, 10 December 2002. See Block Encryption Algorithms,http://www.w3.org/2001/04/xmlenc#aes128-cbc and http://www.w3.org/2001/04/xmlenc#kw-tripledes

Diffie-Hellman Key Agreement

W3C Recommendation XML Encryption: XML Encryption Syntax and Processing, 10 December 2002. See Diffie-Hellman Key Agreement, http://www.w3.org/2001/04/xmlenc#dh

[DSA-SHA]

W3C Recommendation XML Encryption: XML Encryption Syntax and Processing, 10 December 2002. See DSA, http://www.w3.org/2000/09/xmldsig#dsa-sha1

JSON Web Token

JSON Web Token (JWT) Draft. See http://tools.ietf.org/html/draft-jones-json-web-token-05

Liberty Alliance

Liberty Alliance Project ID-FF 1.2 and ID-WSF 2.0 Specifications, http://www.projectliberty.org/resources/specifications.php

[PKCS]

RSA Laboratories, "Public-Key Cryptography Standards (PKCS)", http://www.rsasecurity.com/rsalabs/node.asp?id=2125

[PKCS1]

RSA Laboratories, "PKCS #1: RSA Cryptography Standard", http://www.rsasecurity.com/rsalabs/node.asp?id=2125

[PKCS3]

RSA Laboratories, "PKCS #3: Diffie-Hellman Key Agreement Standard", http://www.rsasecurity.com/rsalabs/node.asp?id=2126

[PKCS5]

RSA Laboratories, "PKCS #5: Password-Based Cryptography Standard", http://www.rsasecurity.com/rsalabs/node.asp?id=2127

[PKCS6]

RSA Laboratories, "PKCS #6: Extended-Certificate Syntax Standard", http://www.rsasecurity.com/rsalabs/node.asp?id=2128

[PKCS7]

RSA Laboratories, "PKCS #7: Cryptographic Message Syntax Standard", http://www.rsasecurity.com/rsalabs/node.asp?id=21299

[PKCS8]

RSA Laboratories, "PKCS #8: Private-Key Information Syntax Standard", http://www.rsasecurity.com/rsalabs/node.asp?id=2130

[PKCS9]

RSA Laboratories, "PKCS #9: Selected Attribute Types", http://www.rsasecurity.com/rsalabs/node.asp?id=2131

[PKCS10]

RSA Laboratories, "PKCS #10: Certification Request Syntax Standard", http://www.rsasecurity.com/rsalabs/node.asp?id=2132

[PKCS11]

RSA Laboratories, "PKCS #11: Cryptographic Token Interface Standard", http://www.rsasecurity.com/rsalabs/node.asp?id=2133

[RFC2311]

S. Dusse, P. Hoffman, B. Ramsdell, L. Lundblade, L. Repka, "S/MIME Version 2 Message Specification". March 1998, http://www.ietf.org/rfc/rfc2311.txt

[RFC2459]

R. Housley, W. Ford, W. Polk, D. Solo, "Internet X.509 Public Key Infrastructure Certificate and CRL Profile". January 1999, http://www.ietf.org/rfc/rfc2459.txt

[RFC2510]

C. Adams, S. Farrell, "Internet X.509 Public Key Infrastructure Certificate Management Protocols". March 1999, http://www.ietf.org/rfc/rfc2510.txt

[RFC2511]

M. Myers, C. Adams, D. Solo, D. Kemp, "Internet X.509 Certificate Request Message Format". March 1999, http://www.ietf.org/rfc/rfc2511.txt

[RFC2560]

M. Myers, R. Ankney, A. Malpani, S. Galperin, C. Adams, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP". June 1999, http://www.ietf.org/rfc/rfc2560.txt

[RFC2630]

R. Housley, "Cryptographic Message Syntax". June 1999, http://www.ietf.org/rfc/rfc2630.txt

[RFC2634]

P. Hoffman, Editor, "Enhanced Security Services for S/MIME". June 1999, http://www.ietf.org/rfc/rfc2634.txt

[RFC3161]

C. Adams, P. Cain, D. Pinkas, R. Zuccherato, "Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)". August 2001, http://www.ietf.org/rfc/rfc3161.txt

[RFC3274]

P. Gutmann, "Compressed Data Content Type for Cryptographic Message Syntax (CMS)". June 2002, http://www.ietf.org/rfc/rfc3274.txt

[RFC3275]

D. Eastlake, J. Reagle, D. Solo, "(Extensible Markup Language) XML-Signature Syntax and Processing". March 2002, http://www.ietf.org/rfc/rfc3275.txt

[RFC3280]

R. Housley, W. Polk, W. Ford, D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile". April 2002, http://www.ietf.org/rfc/rfc3280.txt

[RSA-OAEP]

W3C Recommendation XML Encryption: XML Encryption Syntax and Processing, 10 December 2002. See RSA-OAEP, http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p

[RSA-SHA]

W3C Recommendation XML Encryption: XML Encryption Syntax and Processing, 10 December 2002. See PKCS1 (RSA-SHA1), http://www.w3.org/2000/09/xmldsig#rsa-sha1

[RSAES-OAEP]

R. Housley. "RFC 3560 - Use of the RSAES-OAEP Key Transport Algorithm in Cryptographic Message Syntax (CMS)," http://www.faqs.org/rfcs/rfc3560.html

[RSAES-PKCS1-v1_5]

W3C Recommendation XML Encryption: XML Encryption Syntax and Processing, 10 December 2002. See RSA Version 1.5, http://www.w3.org/2001/04/xmlenc#rsa-1_5

[SAML]

OASIS Security Services (SAML) TC, http://www.oasis-open.org/committees/security/

[WSS]

OASIS Web Services Security (WSS) TC, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss

[WSS v1.0]

OASIS Standards and Other Approved Work, http://www.oasis-open.org/specs/index.php#wssv1.0.

This OASIS standard contains the following:

  1. OASIS WSS SOAP Message Security Specification

  2. OASIS WSS Username Token Profile Specification

  3. OASIS WSS X.509 Certificate Token Profile Specification

  4. OASIS WSS SAML Assertion Token Profile Specification

  5. OASIS WSS REL Token Profile Specification

[XKMS 2.0]

W. Ford, P. Hallam-Baker, B. Fox, B. Dillaway, B. LaMacchia, J. Epstein, J. Lapp, "XML Key Management Specification", 30 March 2001, http://www.w3.org/TR/xkms/.

[xml.com]

O'Reilly xml.com, http://www.xml.com/

[XML 1.0]

W3C Recommendation XML 1.0: Extensible Markup Language (XML) 1.0 (Third Edition), 04 February 2004. http://www.w3.org/TR/REC-xml/

[XML Canonicalization]

W3C Recommendation Canonical XML: Canonical XML Version 1.0, 15 March 2001. http://www.w3.org/TR/xml-c14n

[Exclusive XML Canonicalization]

W3C Recommendation Exclusive XML Canonicalization: Exclusive XML Canonicalization Version 1.0, 15 March 2001. http://www.w3.org/TR/xml-exc-c14n/

[XML Decryption Transform]

W3C Recommendation XML Decryption Transform: Decryption Transform for XML Signature, 10 December 2002. http://www.w3.org/TR/xmlenc-decrypt

[XML Encryption]

W3C Recommendation XML Encryption: XML Encryption Syntax and Processing, 10 December 2002. http://www.w3.org/TR/xmlenc-core/

[XML FAQ]

Java Technology and XML FAQs, http://java.sun.com/xml/faq.html

[XML Signatures]

W3C Recommendation XML Signature: XML-Signature Syntax and Processing, 12 February 2002. http://www.w3.org/TR/xmldsig-core/