Abstract:
In this modern world electronic business is growing rapidly. While there is excellent ebusiness value in the ebXML. But security problem remains an unsolved problem and one
of the largest obstacles to assumption. ebXML (Electronic Business Using eXtensible
Markup Language) is an e-business standard which qualifies enterprises to exchange
business messages, conduct trading relationships, communicate data in common terms and
define and register business processes. XML security technologies have that kind of suitable
power for security implementation such as encryption, digital signature, access control and
authentication.
In this paper we have proposed ebXML business transaction models that grant trading
partners to securely exchange XML based business transactions by applying XML security
technologies.
Description:
There are so many well-known familiar security technologies that can be used by ebXML
implementers to solve the risks. In electronic business many of the existing technologies such as
user-id and password, PKI(Public Key Infrastructure) and token that can provide user
identification and authentication to solve the unauthorized transactions fraud problems.
SSL (Secure Socket Layer) and S/MIME (Secure multi-purpose Internet Mail Extensions) are used
to solve secrecy and authentication problem. To solve error detection problem, we can be used
typical tools such as anti-virus software and intrusion detection software. To resolve potential loss
of management and audit problems, we can be used PKI. To solve the potential legal liability
problem, we can be applied policies and procedures including audits and controls.
XML security technologies have that kind of suitable power for security implementation such as
encryption, digital signature, access control and authentication.XML digital signatures and SAML
(Security Assertion Markup Language) can be absorbed to solve the unauthorized transactions and
fraud problems in electronic business systems.XML digital signatures are used in ebXML to
provide data integrity on messages. SAML is used to provide identification, authentication and
authorization.
Besides, XACML (XML Access Control Markup language) is used to allow or deny access to an
XML resource. XML encryption is used to solve the loss of confidentiality problem. XKMS (XML
Key Management Specification) is used for key management as a substitute for PKI.