Paving the way for end-user adoption of an XML-based approach to secure XML in document form, the World Wide Web Consortium (W3C) on Tuesday offered its recommendation and stamp of approval of XML Encryption Syntax and Processing and Decryption Transform for XML Signature.
When used in conjunction with XML Signature, XML Encryption and Decryption Transform could provide a starting point to secure Web services transactions and applications by permitting users to selectively sign and encrypt portions of XML data, according to a statement released by the W3C.
Although it is XML Signature which is capable of determining if a document has been tampered with, the Decryption Transform specification allows the receiver of the document to know which portions of the transmission may have been inadvertently changed for encryption purposes. It offers a guide for pinpointing areas of the document to be decrypted and enables restoration of the message's original state before a signature verification attempt is applied.
W3C officials say multiple applications and specifications are taking advantage of XML Encryption, as documented in the Implementation and Interoperability Report filed by the W3C XML Encryption Working Group.
Credited with the development of XML Encryption include W3C members Baltimore Technologies PLC, BEA Systems Inc., DataPower Technology Inc., IBM Corp., Motorola Inc., Sun Microsystems Inc., VeriSign Inc., and the University of Siegen.