A Domain-Specific Language for XML Security Standards
Article No.: 18, Pages 1 - 7
Abstract
A domain-specific language (DSL) is designed for a certain problem domain. Its notation is tailored to the relevant concepts and features of that domain. In this paper, we present a basis for a DSL for XML security standards. In particular, we focus on three prominent examples, i.e. XML Signature, XML Encryption, and SAML that are integrated into a common DSL. The main goals of our DSL are to make it easily comprehensible for security domain experts, easily applicable for people being familiar with at least one GPL, and easily extensible for further XML standards.
References
[1]
A. Bain, J. Mitchell, R. Sharma, D. Stefan, and J. Zimmerman. A Domain-Specific Language for Computing on Encrypted Data (Invited Talk). In IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS 2011), 2011.
[2]
M. Bartel, J. Boyer, B. Fox, B. LaMacchia, and E. Simon. XML Signature Syntax and Processing. http://www.w3.org/TR/xmldsig-core/, 2008. Second Edition.
[3]
M. Fowler. Domain Specific Languages. Addison-Wesley, 2010.
[4]
T. Hardjono, N. Klingenstein, A. Saldhana, H. Lockhart, and S. Cantor. OASIS Security Services (SAML) TC. https://www.oasis-open.org/committees/security, 2008. Version 2.0.
[5]
B. Hoisl, S. Sobernig, and M. Strembeck. Modeling and Enforcing Secure Object Flows in Process-driven SOAs: An Integrated Model-driven Approach. Software and Systems Modeling (SoSyM), 13(2), 2014.
[6]
T. Imamura, B. Dillaway, E. Simon, K. Yiu, and M. Nyström. XML Encryption Syntax and Processing. http://www.w3.org/TR/xmlenc-core1/, 2013. Version 1.1.
[7]
M. Mernik, J. Heering, and A. M. Sloane. When and how to develop domain-specific languages. ACM Computing Surveys (CSUR), 34(4), 2005.
[8]
J. D. Nielsen and M. I. Schwartzbach. A domain-specific programming language for secure multiparty computation. In Proceedings of the 2007 workshop on Programming languages and analysis for security, 2007.
[9]
S. Schefer-Wenzl and M. Strembeck. Modeling Context-Aware RBAC Models for Mobile Business Processes. International Journal of Wireless and Mobile Computing (IJWMC), 6(5), 2013.
[10]
S. Schefer-Wenzl and M. Strembeck. Model-driven Specification and Enforcement of RBAC Break-Glass Policies for Process-Aware Information Systems. Information and Software Technology (IST), 2014.
[11]
S. Schefer-Wenzl and M. Strembeck. Modeling Support for Role-Based Delegation in Process-Aware Information Systems. Business & Information Systems Engineering (BISE), forthcoming. Accepted for publication.
[12]
R. Shirey. Internet Security Glossary. Number 2828 in Request for Comments. IETF, May 2000.
[13]
M. Strembeck and U. Zdun. An Approach for the Systematic Development of Domain-Specific Languages. Software: Practice and Experience (SP&E), 39(15), 2009.
[14]
P. Thiemann. An embedded domain-specific language for type-safe server-side web scripting. ACM Transactions on Internet Technology (TOIT), 5(1):1--46, 2005.
[15]
W3C. XML Current Status. http://www.w3.org/standards/techs/xml, 2013.
Index Terms
- A Domain-Specific Language for XML Security Standards
Recommendations
When and how to develop domain-specific languages
Domain-specific languages (DSLs) are languages tailored to a specific application domain. They offer substantial gains in expressiveness and ease of use compared with general-purpose programming languages in their domain of application. DSL development ...
Declaratively defining domain-specific language debuggers
GCPE '11Tool support is vital to the effectiveness of domain-specific languages. With language workbenches, domain-specific languages and their tool support can be generated from a combined, high-level specification. This paper shows how such a specification ...
Declaratively defining domain-specific language debuggers
GPCE '11: Proceedings of the 10th ACM international conference on Generative programming and component engineeringTool support is vital to the effectiveness of domain-specific languages. With language workbenches, domain-specific languages and their tool support can be generated from a combined, high-level specification. This paper shows how such a specification ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Copyright © 2014 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 25 August 2014
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ECSAW '14
ECSAW '14: European Conference on Software Architecture Workshops
August 25 - 29, 2014
Vienna, Austria
Acceptance Rates
ECSAW '14 Paper Acceptance Rate 29 of 43 submissions, 67%;
Overall Acceptance Rate 80 of 120 submissions, 67%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 114Total Downloads
- Downloads (Last 12 months)5
- Downloads (Last 6 weeks)2
Reflects downloads up to 16 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in