Exploring XML Encryption

PeterMan writes "Here's a good XML Encription article that examines the usage model of XML Encryption with the help of a use case scenario. It presents a simple demo application, explaining how it uses the XML Encryption implementation. It then continues with the use of JCA/JCE classes to support cryptography. Finally, It discusses the applications of XML Encryption in SOAP-based Web services."

Re:I don't get it.

XML is just a form of data, and should be totally independent in regards to encryption. If it transport mechanisms like SOAP work over HTTP, then why not just use HTTPS? What's next - an encryption standard for PNG images, text files and MPG movies? Maybe someone can enlighten me :-)

The official position of most of the XML security groups is that if it's not XML, it's crap (well, words to that effect). Because of this, it's necessary to reinvent everything yourself so you can do it in XML - you can't, for example, just use PGP to wrap up your XML data, or TLS to transport it, but have to build everything from scratch using XML only.

This is probably not the best approach to getting things usably deployed, and there has been some debate in the groups about this. At the moment the XML-ueber-alles side is winning.