XML encryption is the process of encrypting and decrypting digital XML content, using certain syntax and algorithms. The basic concept of cryptography remains much the same, but the difference is in adopting a standard format for representing and exchanging encrypted XML data.
This standard format, often known as the XML encryption specification, includes a standard syntax for representing the encrypted content within the XML, as well as information required to decrypt its contents at the receiving end.
The W3C XML Encryption Working Groupa collaborative effort between the W3C (World Wide Web Consortium) and the IETF (Internet Engineering Task Force)advocates XML encryption standards and specifications. (W3C and IETF are two of the frontline organizations involved in defining interoperable standards and specifications for XML/Web services technologies.)
As of March 2002, the Working Group has released the Candidate Recommendation Specification for XML encryption, which includes the following:
XML Encryption Requirements
XML Encryption Syntax and Processing
Inspirations behind the XML Encryption specification effort, can be summarized as follows:
It is good to have standard element tags for representing encrypted elements within the XML documents. This will enable parsers to better understand encrypted elements and data during the validation process.
It is necessary to provide means for encrypting only the desired elements within an XML document instead of encrypting the whole document. This will pave the way for incorporating several confidential data elements that are intended for different recipients within a single XML document.
There should be standard mechanisms for exchanging the secret keys used for encryption and decryption processes.
The standard should allow encryption of different parts of the document with different keys, so that multiple recipients can decrypt only those portions that are intended for them.
The standards should be adaptable to both ASCII and binary data.
The standards should be adaptable to different cryptographic algorithms.
The standards should work along with other XML security standards and specifications