Exploring XML Encryption

PeterMan writes "Here's a good XML Encription article that examines the usage model of XML Encryption with the help of a use case scenario. It presents a simple demo application, explaining how it uses the XML Encryption implementation. It then continues with the use of JCA/JCE classes to support cryptography. Finally, It discusses the applications of XML Encryption in SOAP-based Web services."

Re:I don't get it.

[borgboy]

Among other things, XML Encryption gives you the ability to selectively encrypt individual elements of an XML document and do so in a way that clearly identifies what is encrypted and how. Just as in the example, you may want to pass around an XML document which, as a whole, is suitable for public consumption, but that contains parts you would like to keep secret and/or immutable.
The alternative is to pass around multiple documents which then need to reference one another somehow.

As for SOAP, I agree with you. If you need secure SOAP, HTTPS is an excellent, mature solution. His statement that SOAP should work seamlessly with XML Encryption sounds enormously optimistic. But then, I've actually done SOAP interop work between disparate vendors of SOAP servers/clients, requiring quite a bit of tweaking in some cases. Funny, Websphere was one of those culprits ;)

Performance?

[duffbeer703]

How are you going to be able to process large amounts of XML data?

Think about the massive, bloated overhead already associated with XML... now you are going to encrypt individual elements of XML with a variety of different schemes?

This whole XML thing seems to be Intel's wet dream come true.