Home > Articles > Web Services > XML

XML Reference Guide

  • Mar 14, 2003

📄 Contents

  1. XML Reference Guide
  2. Overview
  3. What Is XML?
  4. Informit Articles and Sample Chapters
  5. Books and e-Books
  6. Official Documentation
  7. Table of Contents
  8. The Document Object Model
  9. Informit Articles and Sample Chapters
  10. Books and e-Books
  11. Official Documentation
  12. DOM and Java
  13. Informit Articles and Sample Chapters
  14. Books and e-Books
  15. Implementations
  16. DOM and JavaScript
  17. Using a Repeater
  18. Repeaters and XML
  19. Repeater Resources
  20. DOM and .NET
  21. Informit Articles and Sample Chapters
  22. Books and e-Books
  23. Documentation and Downloads
  24. DOM and C++
  25. DOM and C++ Resources
  26. DOM and Perl
  27. DOM and Perl Resources
  28. DOM and PHP
  29. DOM and PHP Resources
  30. DOM Level 3
  31. DOM Level 3 Core
  32. DOM Level 3 Load and Save
  33. DOM Level 3 XPath
  34. DOM Level 3 Validation
  35. Informit Articles and Sample Chapters
  36. Books and e-Books
  37. Documentation and Implementations
  38. The Simple API for XML (SAX)
  39. Informit Articles and Sample Chapters
  40. Books and e-Books
  41. Official Documentation
  42. SAX and Java
  43. Informit Articles and Sample Chapters
  44. Books and e-Books
  45. SAX and .NET
  46. Informit Articles and Sample Chapters
  47. SAX and Perl
  48. SAX and Perl Resources
  49. SAX and PHP
  50. SAX and PHP Resources
  51. Validation
  52. Informit Articles and Sample Chapters
  53. Books and e-Books
  54. Official Documentation
  55. Document Type Definitions (DTDs)
  56. Informit Articles and Sample Chapters
  57. Books and e-Books
  58. Official Documentation
  59. XML Schemas
  60. Informit Articles and Sample Chapters
  61. Books and e-Books
  62. Official Documentation
  63. RELAX NG
  64. Informit Articles and Sample Chapters
  65. Books and e-Books
  66. Official Documentation
  67. Schematron
  68. Official Documentation and Implementations
  69. Validation in Applications
  70. Informit Articles and Sample Chapters
  71. Books and e-Books
  72. XSL Transformations (XSLT)
  73. Informit Articles and Sample Chapters
  74. Books and e-Books
  75. Official Documentation
  76. XSLT in Java
  77. Java in XSLT Resources
  78. XSLT and RSS in .NET
  79. XSLT and RSS in .NET Resources
  80. XSL-FO
  81. Informit Articles and Sample Chapters
  82. Books and e-Books
  83. Official Documentation
  84. XPath
  85. Informit Articles and Sample Chapters
  86. Books and e-Books
  87. Official Documentation
  88. XML Base
  89. Informit Articles and Sample Chapters
  90. Official Documentation
  91. XHTML
  92. Informit Articles and Sample Chapters
  93. Books and e-Books
  94. Official Documentation
  95. XHTML 2.0
  96. Documentation
  97. Cascading Style Sheets
  98. Informit Articles and Sample Chapters
  99. Books and e-Books
  100. Official Documentation
  101. XUL
  102. XUL References
  103. XML Events
  104. XML Events Resources
  105. XML Data Binding
  106. Informit Articles and Sample Chapters
  107. Books and e-Books
  108. Specifications
  109. Implementations
  110. XML and Databases
  111. Informit Articles and Sample Chapters
  112. Books and e-Books
  113. Online Resources
  114. Official Documentation
  115. SQL Server and FOR XML
  116. Informit Articles and Sample Chapters
  117. Books and e-Books
  118. Documentation and Implementations
  119. Service Oriented Architecture
  120. Web Services
  121. Informit Articles and Sample Chapters
  122. Books and e-Books
  123. Official Documentation
  124. Creating a Perl Web Service Client
  125. SOAP::Lite
  126. Amazon Web Services
  127. Creating the Movable Type Plug-in
  128. Perl, Amazon, and Movable Type Resources
  129. Apache Axis2
  130. REST
  131. REST Resources
  132. SOAP
  133. Informit Articles and Sample Chapters
  134. Books and e-Books
  135. Official Documentation
  136. SOAP and Java
  137. Informit Articles and Sample Chapters
  138. Books and e-Books
  139. Official Documentation
  140. WSDL
  141. Informit Articles and Sample Chapters
  142. Books and e-Books
  143. Official Documentation
  144. UDDI
  145. UDDI Resources
  146. XML-RPC
  147. XML-RPC in PHP
  148. Informit Articles and Sample Chapters
  149. Books and e-Books
  150. Official Documentation
  151. Ajax
  152. Asynchronous Javascript
  153. Client-side XSLT
  154. SAJAX and PHP
  155. Ajax Resources
  156. JSON
  157. Ruby on Rails
  158. Creating Objects
  159. Ruby Basics: Arrays and Other Sundry Bits
  160. Ruby Basics: Iterators and Persistence
  161. Starting on the Rails
  162. Rails and Databases
  163. Rails: Ajax and Partials
  164. Rails Resources
  165. Web Services Security
  166. Web Services Security Resources
  167. SAML
  168. Informit Articles and Sample Chapters
  169. Books and e-Books
  170. Specification and Implementation
  171. XML Digital Signatures
  172. XML Digital Signatures Resources
  173. XML Key Management Services
  174. Resources for XML Key Management Services
  175. Internationalization
  176. Resources
  177. Grid Computing
  178. Grid Resources
  179. Web Services Resource Framework
  180. Web Services Resource Framework Resources
  181. WS-Addressing
  182. WS-Addressing Resources
  183. WS-Notifications
  184. New Languages: XML in Use
  185. Informit Articles and Sample Chapters
  186. Books and e-Books
  187. Official Documentation
  188. Google Web Toolkit
  189. GWT Basic Interactivity
  190. Google Sitemaps
  191. Google Sitemaps Resources
  192. Accessibility
  193. Web Accessibility
  194. XML Accessibility
  195. Accessibility Resources
  196. The Semantic Web
  197. Defining a New Ontology
  198. OWL: Web Ontology Language
  199. Semantic Web Resources
  200. Google Base
  201. Microformats
  202. StructuredBlogging
  203. Live Clipboard
  204. WML
  205. XHTML-MP
  206. WML Resources
  207. Google Web Services
  208. Google Web Services API
  209. Google Web Services Resources
  210. The Yahoo! Web Services Interface
  211. Yahoo! Web Services and PHP
  212. Yahoo! Web Services Resources
  213. eBay REST API
  214. WordML
  215. WordML Part 2: Lists
  216. WordML Part 3: Tables
  217. WordML Resources
  218. DocBook
  219. Articles
  220. Books and e-Books
  221. Official Documentation and Implementations
  222. XML Query
  223. Informit Articles and Sample Chapters
  224. Books and e-Books
  225. Official Documentation
  226. XForms
  227. Informit Articles and Sample Chapters
  228. Books and e-Books
  229. Official Documentation
  230. Resource Description Framework (RDF)
  231. Informit Articles and Sample Chapters
  232. Books and e-Books
  233. Official Documentation
  234. Topic Maps
  235. Informit Articles and Sample Chapters
  236. Books and e-Books
  237. Official Documentation, Implementations, and Other Resources
  238. Rich Site Summary (RSS)
  239. Informit Articles and Sample Chapters
  240. Books and e-Books
  241. Official Documentation
  242. Simple Sharing Extensions (SSE)
  243. Atom
  244. Podcasting
  245. Podcasting Resources
  246. Scalable Vector Graphics (SVG)
  247. Informit Articles and Sample Chapters
  248. Books and e-Books
  249. Official Documentation
  250. OPML
  251. OPML Resources
  252. Summary
  253. Projects
  254. JavaScript TimeTracker: JSON and PHP
  255. The Javascript Timetracker
  256. Refactoring to Javascript Objects
  257. Creating the Yahoo! Widget
  258. Web Mashup
  259. Google Maps
  260. Indeed Mashup
  261. Mashup Part 3: Putting It All Together
  262. Additional Resources
  263. Frequently Asked Questions About XML
  264. What's XML, and why should I use it?
  265. What's a well-formed document?
  266. What's the difference between XML and HTML?
  267. What's the difference between HTML and XHTML?
  268. Can I use XML in a browser?
  269. Should I use elements or attributes for my document?
  270. What's a namespace?
  271. Where can I get an XML parser?
  272. What's the difference between a well-formed document and a valid document?
  273. What's a validating parser?
  274. Should I use DOM or SAX for my application?
  275. How can I stop a SAX parser before it has parsed the entire document?
  276. 2005 Predictions
  277. 2006 Predictions
  278. Nick's Book Picks

To the uninitiated -- that's just about anybody who doesn't eat, drink, and sleep electronic security -- XML Signature can be very confusing. The recommendation is filled with talk of canonicalization, keystores, digests, hashes, and lots of other stuff that just doesn't come up in everyday programming. The result is that until you see it in action, it can be very hard to put the pieces together into something that seems intelligable.

Fortunately, once you do see it in action, it's not that difficult to get your head around. Here's the basic idea:

You have data of some sort. You want someone to vouch for it. That someone wants to make sure that the data you're looking at is the same data he or she vouched for. XML Signature let's you do that.

Here's how it works:

The person vouching for the data -- let's call that person the "signer" -- has some sort of certificate to prove that they're really them. It's like when you go to a notary public to sign a document and she takes a photocopy of your driver's license to make sure you're really you. That certificate can be any number of things, such as a private key or an X.509 certificate. The more you're worried about the signer, the more you need to worry about that certificate, or "key". If you're only worried about making sure the data hasn't changed since it was signed, the key only has to exist. For example, Java comes with a program called keytool that generates certficates.

The signer then takes a program, and signs the data. The process of signing the data creates a "message digest" that refers back to the data and packages it all up. Any change in the data means a change in the digest, so when the recipient -- let's call that person the "verifier" -- gets the data, he or she can check to make sure that the digest still matches the message. If it does, then the verifier knows that the data is intact.

That's the general idea, so let's look at how it actually happens. For this example, I used IBM's XML Security Suite, a set of Java classes that implements a number of XML and Web Services security-related specifications.

First, I had to generate a key to sign the data with. I did that using the keytool.exe application located in Java's bin directory:

keytool -genkey -dname "CN=Nick Chase, OU=InformIT, O=Pearson, 
L=NPR, S=Florida, C=US" -alias nick -storepass mystorepassword -keypass mykeypassword

Next I created a very simple XML document to sign:

<theroot>
<thedata>data!</thedata>
</theroot>

Next I used one of the sample applications, dsig.SampleSign2, to actually sign the data:

java -cp .;xml4j.jar;xss4j.jar;are.jar dsig.SampleSign2 nick mystorepassword 
mykeypassword -embxml stuff.xml > signature.xml

The jar files are part of the XML Security Suite distribution, and the SampleSign2 application takes the id for the certificate and the certificate passwords to start with, and then the resource (or resources) to sign, finally sending the to the file signature.xml. In this case, I've chosen to embed the resource right into the signature file, but it's also possible to have external resources.

If we look at the signature.xml file, we can see it all come together:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></SignatureMethod>
    <Reference URI="#Res0">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
      <DigestValue>psLjBQtzI7t7wiozRfLoNdaIb08=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>
    ZimJc+beK3HLLlpPcxh0kvBIPYB6YQs+as6SqXID4pY0tyF6qWQ3KQ==
  </SignatureValue>
  <KeyInfo>
    <KeyValue>
      <DSAKeyValue>
        <P>
          /X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9s
          ubVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bT
          xR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAcc=
        </P>
        <Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</Q>
        <G>
          9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFn
          Ej6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTx
          vqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSo=
        </G>
        <Y>
          HPnTW4UAvR4MIYOqym1zdLFlzNREQpKCxOMbiSvD04es7RONiBECT6OtlMWAZ9k/9N
          gOK/HmxObSC5inAjXN2omNZzBburQuJAmRs/G2nwRp49yLRNHWq1922jCYoZ6iFmNA
          iraKSIOYTS1LnfGEEgl7zNc/XDsArRtZ+LBdrZo=
        </Y>
      </DSAKeyValue>
    </KeyValue>
    <X509Data>
      <X509IssuerSerial>
        <X509IssuerName>CN=Nick Chase,OU=InformIT,O=Pearson,L=New Port Richey,ST=Florida,C=US</X509IssuerName>
        <X509SerialNumber>1089899916</X509SerialNumber>
      </X509IssuerSerial>
      <X509SubjectName>CN=Nick Chase,OU=InformIT,O=Pearson,L=New Port Richey,ST=Florida,C=US</X509SubjectName>
      <X509Certificate>
MIIDGjCCAtgCBED2jYwwCwYHKoZIzjgEAwUAMHMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdGbG9y
aWRhMRgwFgYDVQQHEw9OZXcgUG9ydCBSaWNoZXkxEDAOBgNVBAoTB1BlYXJzb24xETAPBgNVBAsT
CEluZm9ybUlUMRMwEQYDVQQDEwpOaWNrIENoYXNlMB4XDTA0MDcxNTEzNTgzNloXDTA0MTAxMzEz
NTgzNlowczELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExGDAWBgNVBAcTD05ldyBQb3J0
IFJpY2hleTEQMA4GA1UEChMHUGVhcnNvbjERMA8GA1UECxMISW5mb3JtSVQxEzARBgNVBAMTCk5p
Y2sgQ2hhc2UwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QA
wx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX
/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSML
zLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP
5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvM
pPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYAc+dNbhQC9Hgwhg6rKbXN0sWXM
1ERCkoLE4xuJK8PTh6ztE42IEQJPo62UxYBn2T/02A4r8ebE5tILmKcCNc3aiY1nMFu6tC4kCZGz
8bafBGnj3ItE0darX3baMJihnqIWY0CKtopIg5hNLUud8YQSCXvM1z9cOwCtG1n4sF2tmjALBgcq
hkjOOAQDBQADLwAwLAIUUGLeAge6Ldui6tYQxPS4L3WMXkoCFCKEwGg3Ah8jEBum+rbhmrvo3xp/
      </X509Certificate>
    </X509Data>
  </KeyInfo>
  <dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Res0"><theroot>

<thedata>data!</thedata>
</theroot></dsig:Object>
</Signature>

Starting at the bottom, the file defines the object that I've signed, including it in the document and assigning it an ID of Res0 so we can refer back to it later. Above that, we have the KeyInfo element, which includes information about the keys and certificates I used to sign the document. Next up, we have the actual signature. Finally, above that, we have the information on what was actually signed.

This last bit takes a bit more looking into, so let's repeat it here:

  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></SignatureMethod>
    <Reference URI="#Res0">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
      <DigestValue>psLjBQtzI7t7wiozRfLoNdaIb08=</DigestValue>
    </Reference>
  </SignedInfo>

First off, you have to remember that this process is extremely sensitive to changes in the document. For example, just changing the spacing in an XML document is still a change, and the signature would be invalid. Therefore, before signing a document, you need to make sure it's in "canonical" format, so here we're specifying what needs to be done to the document, and how to do it. We're also specifying the type of signature we're dealing with.

Next we've got the actual resource being signed, described by the Reference element. In this case, the data's embedded in the signature file, so we're pointing to it through the URL fragment #Res0, which matches the object ID for the data. From there we're specifying what we did with the data -- the transform and the method for creating the digest -- and then the digest itself.

Before I move on to verifying this file, note that you can also sign external resources. For example:

...
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></SignatureMethod>
    <Reference URI="http://www.nicholaschase.com/testsoap.php">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
      <DigestValue>pSw2lraC6kX9m85GUwG0a/+p00c=</DigestValue>
    </Reference>
  </SignedInfo>
...

In this case, the data is not included as part of the signature file.

Finally, you want to verify the data to make sure it's intact. The XML Security Suite has a sample called VerifyGUI that verifies the signature. This application takes the data and performs the same canonicalization and transforms on it, then calculates a digest. If the digest matches what's in the signature file, it passes. If not, it returns a message saying so. Don't believe me? Create a signature of your own, change one caracter of the actual data, and run VerifyGUI. You'll see.

So that's it. I have simplified some things in this explanation, but this is what you need to get you started. Check out the resources, or ask a question in the comments for the XML Reference Guide to find out more.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020