14.4. XKMS Cryptographic Algorithms
This section describes some of the cryptographic algorithms (or lack thereof) that are supported by XKMS and related XML elements.
Clearly, a client must be assured that any response it receives which appears to be from an XKMS service actually comes from that service, has not been altered in transit, and is sent in response to the actual request submitted by the client. XKMS leaves the method of achieving such assurances up to the application, but recommends that it be built on one of the following:
An XML digital signature in the response (Chapter 10)
Communication over a channel secured at the transport layer, such as using TLS [RFC 2246]
Communication over a channel secure at the network layer, such as IPSEC ...
Get Secure XML: The New Syntax for Signatures and Encryption now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.