Internet and Wireless Security

Recently the W3C have set up an XML Encryption activity, aiming to provide a standard for encrypted information within an XML document. This could be used to keep confidential parts of an XML document. For example, there could be secret clauses in a contract that only certain parties are allowed to know.
XML Encryption could be employed for alternative non-signature integrity mechanisms such as a keyed hash function. Web services which contain confidential data in certain fields may use XML Encryption.
The XML Encryption standard will define symmetric key and associated data types for use within XML. XML Encryption is required to support the encryption of non-XML resources, and therefore could be used to protect a future pay-per-view Web broadcast, with scrambled data unlocked at a later date on receipt of payment. XML Encryption may use transformations in a manner similar to XML Signature. However, there could be different reasons for using them. Firstly, a transformation may help improve the security by adding redundancy. It could be a compression algorithm to again help security and also shorten the document length.
The uses for XML Encryption are not so immediately obvious as for XML Signature. A possible use will be where XML is being employed to serve as layers in a network protocol. Routing layers may need to be in plain text, but the actual message needs to be encrypted. The example in Fig 2.14 is from the Jabber [15] instant messaging protocol. Since routing is determined by...