
JCP Specifications

238 SECURING WEB SERVICES
well as how to encode binary security tokens, a framework for XML-based tokens, and how to include opaque encrypted keys.
· Security Assertion Markup Language (SAML)
The SAML specification defines an XML-based mechanism for securing Business-to-Business (B2B) and Business-to-Consumer (B2C) e-commerce transactions. SAML defines an XML framework for exchanging authentication and authorization information. SAML uses XML-encoded security assertions and an XML-encoded request/response protocol, and specifies rules for using assertions with standard transport and messaging frameworks. SAML provides interoperability between disparate security systems. SAML can be applied to facilitate three use cases: single sign-on, distributed transactions, and authorization services.
· eXtensible Access Control Markup Language (XACML)
The XACML specification defines a common language for expressing security policy. XACML defines an extensible structure for the core schema and namespace for expressing authorization policies in XML. A common policy language, when implemented across an enterprise, allows the enterprise to manage the enforcement of all the elements of its security policy in all the components of its information systems.
JCP Specifications
According to the Java Community Process (JCP) web site, the JCP holds the responsibility for the development of Java technology. The JCP primarily guides the development and approval of Java technical specifications. The JCP is working on the following specifications related to web services security. The specifications can be viewed from the JCP web site at http://www.jcp.org/en/jsr/all.
· JSR 104: XML Trust Service APIs
JSR-104 defines a standard set of APIs and a protocol for a trust service. A key objective of the protocol design is to minimize the complexity of applications using XML Signature. By becoming a client of the trust service, the application is relieved of the complexity and syntax of the underlying PKI used to establish trust relationships, which may be based upon a different specification such as X.509/PKIX, SPKI or PGP.
· JSR 105: XML Digital Signature APIs
JSR-105 defines a standard set of APIs for XML digital signature services. The XML Digital Signature specification is defined by the W3C.