October 4, 2002 3:26 PM PDT
W3C proposes XML encryption methods
The World Wide Web Consortium (W3C) released proposed recommendations for XML Encryption Syntax and Processing and Decryption Transform for XML Signature. Together, the protocols will let Web sites and services send and receive sensitive data confidentially.
While methods already exist for encrypting XML documents, the W3C's proposed recommendations will make it possible to encrypt selected sections or elements of a document--for instance, a credit card number entered in an XML form.
"XML Encryption allows you to secure parts of XML documents, and that's critical in many Web service applications," said Joseph Reagle, chair of the W3C XML Encryption Working Group. "It gives you a range of algorithms you can use and gives you the syntax to represent what you did so other people, or you, can reverse the process."
The Decryption Transform recommendation provides a way of determining what parts of a document were encrypted or decrypted at the time a party signed it. The proposed recommendation is crucial to letting different parties authenticate discrete sections of a document at different times.
For example, a seller might sign the part listing an item and its price, while a buyer later would sign an encrypted credit card number. The Decryption Transform recommendation will let applications "roll back" the changing document to the condition in which it was signed.
The W3C's encryption work comes as part of a larger push to publish standards relevant to the Web services trend. The consortium earlier this year weathered criticism that it was missing the boat on Web services but since has published a wide array of Web services-related drafts.