Increasing security for XML transmissions: a DeltaXML solution
There are many methods for improving the security of data which is transmitted over a network. DeltaXML provides a unique method based on identifying differences between XML-encoded files that can be applied in many situations.
The delta file generated by DeltaXML when comparing two XML files can be re-combined with either of the original files to generate the other file. In situations where a secure XML data set is being updated, and these updates need to be reflected in remote copies of the data, DeltaXML provides allows users to transmit just the changes, providing a greater level security than is possible when re-transmission of the whole data set is required.
But there are other possibilities for using DeltaXML to improve security. Protected data is often sensitive because it establishes a relationship between two or more items of data, for example a login name and a password, or a name and a salary.
Let's look at a simple example to see how selective change transmission might help to improve data security. For this example we have an XML file of passwords and login details:
<secure-passwords> <security><name>johnd</name><pwd>my-password</pwd></security> <security><name>alanm</name><pwd>memdmdm</pwd></security> <security><name>joshr</name><pwd>4m5kl5m3</pwd></security>> <security><name>leong</name><pwd>2mM030</pwd></security> </secure-passwords>
We want to separate the association between the password and the login, so we generate from the above file a file with just the passwords:
<secure-passwords> <security><pwd>my-password</pwd></security> <security><pwd>memdmdm</pwd></security> <security><pwd>4m5kl5m3</pwd></security> <security><pwd>2mM030</pwd></security> </secure-passwords>
This file can be transmitted with increased security because it does not contain any login names. If we use DeltaXML to compare the two files above, we get the following delta file:
<secure-passwords xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1"
deltaxml:delta="WFmodify">
<security deltaxml:delta="WFmodify">
<name deltaxml:delta="add">johnd</name>
<pwd deltaxml:delta="unchanged"/>
</security>
<security deltaxml:delta="WFmodify">
<name deltaxml:delta="add">alanm</name>
<pwd deltaxml:delta="unchanged"/>
</security>
<security deltaxml:delta="WFmodify">
<name deltaxml:delta="add">joshr</name>
<pwd deltaxml:delta="unchanged"/>
</security>
<security deltaxml:delta="WFmodify">
<name deltaxml:delta="add">leong</name>
<pwd deltaxml:delta="unchanged"/>
</security>
</secure-passwords>
This file, again, has just one of the data items in it, so is more secure to transmit. When the two files have been transmitted separately, they can be re-combined to generate the original file.
Many variations are possible by mixing DeltaXML's data selection and recombination options, depending on the level of security required and the degree of complexity of the data.