Slashdot Mirror


Exploring XML Encryption

PeterMan writes "Here's a good XML Encryption article that examines the usage model of XML Encryption with the help of a use case scenario. It presents a simple demo application, explaining how it uses the XML Encryption implementation. It then continues with the use of JCA/JCE classes to support cryptography. Finally, it discusses the applications of XML Encryption in SOAP-based Web services."


  1. What's Encrypted, What's Not by 4of12 · · Score: 2

    Everyone agrees on two things:

    1. XML represents a great hope for higher level communication between automated agents
    2. encryption is a necessary ingredient for protected electronic commerce

    But I have some reasons to be pessimistic about XML.

    If the underlying DTDs and Schemas are not well distributed, as in free, open, unrestricted, the premise of XML as a lingua franca is severely undermined.

    Second, it will be too easy to decide that a business logic system based on XML is "too good to reveal to potential competitors and can make us money" and to therefore encrypt many more things that ought not to be encrypted if the objective is to make XML widespread and useful.

    --
    "Provided by the management for your protection."
  2. Re:I don't get it. by borgboy · · Score: 2, Interesting

    Among other things, XML Encryption gives you the ability to selectively encrypt individual elements of an XML document and do so in a way that clearly identifies what is encrypted and how. Just as in the example, you may want to pass around an XML document which, as a whole, is suitable for public consumption, but that contains parts you would like to keep secret and/or immutable.
    The alternative is to pass around multiple documents which then need to reference one another somehow.

    As for SOAP, I agree with you. If you need secure SOAP, HTTPS is an excellent, mature solution. His statement that SOAP should work seamlessly with XML Encryption sounds enormously optimistic. But then, I've actually done SOAP interop work between disparate vendors of SOAP servers/clients, requiring quite a bit of tweaking in some cases. Funny, WebSphere was one of those culprits ;)

    --
    meh.
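
The element-level encryption described in the comment above, as an added example that is not part of the thread or of the linked article: one element of a constructed document is replaced by an `EncryptedData` element that names its own algorithm, using the JCA/JCE classes the story mentions. The class name, sample document and the choice of AES-128-GCM are assumptions, and key transport (`KeyInfo`/`EncryptedKey`) is left out.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;
public class ElementEncryptDemo {   // hypothetical class name
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static String serialize(Node n) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter w = new StringWriter();
        t.transform(new DOMSource(n), new StreamResult(w));
        return w.toString();
    }
    // Replaces target with <xenc:EncryptedData>; CipherValue = base64(IV || ciphertext || tag).
    static void encryptElement(Element target, SecretKey key) throws Exception {
        byte[] iv = new byte[12];                       // 96-bit IV, fresh per encryption
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(serialize(target).getBytes(StandardCharsets.UTF_8));
        byte[] blob = java.nio.ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        Document d = target.getOwnerDocument();
        Element ed = d.createElementNS(XENC, "xenc:EncryptedData");
        ed.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:xenc", XENC);
        ed.setAttribute("Type", XENC + "Element");      // marks that a whole element was replaced
        Element em = (Element) ed.appendChild(d.createElementNS(XENC, "xenc:EncryptionMethod"));
        em.setAttribute("Algorithm", "http://www.w3.org/2009/xmlenc11#aes128-gcm");
        Node cd = ed.appendChild(d.createElementNS(XENC, "xenc:CipherData"));
        cd.appendChild(d.createElementNS(XENC, "xenc:CipherValue"))
          .setTextContent(Base64.getEncoder().encodeToString(blob));
        target.getParentNode().replaceChild(ed, target);
    }
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        String xml = "<order><item>book</item><card>4111-0000-0000-0000</card></order>"; // constructed sample
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        encryptElement((Element) doc.getElementsByTagName("card").item(0), kg.generateKey());
        System.out.println(serialize(doc));   // <item> stays readable, <card> becomes EncryptedData
    }
}
```
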
  3. Performance? by duffbeer703 · · Score: 3, Interesting

    How are you going to be able to process large amounts of XML data?

    Think about the massive, bloated overhead already associated with XML... now you are going to encrypt individual elements of XML with a variety of different schemes?

    This whole XML thing seems to be Intel's wet dream come true.

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK
    1. Re:Performance? by renehollan · · Score: 2

      Yeah. I came away with the feeling that XML is the Cobol of the new millennium strongly reinforced. If anything, XML should be the source code for what actually gets exchanged in a machine-agnostic fashion (anyone remember XDR?).

      --
      You could've hired me.
    2. Re:Performance? by ChrisDolan · · Score: 2

      Have you looked at PDF encryption? Granted, it's all RC4 with MD5 password hashes, not the "variety of different schemes" you mention, but encrypted PDF docs have plaintext metadata and encrypted content data intermixed. It's really quite cool, and the performance hit is tiny. The advantage PDF might have over XML, however, is that the document format is internally indexed, so you don't have to parse the whole thing to get the one piece of data you want. That detail aside, I think this is quite feasible without big CPU hits.

  4. Re:I don't get it. by Arandir · · Score: 2

    Hey, let's get cynical, why don't we? Just because they're in desperate need of psychiatric intervention doesn't mean you should make fun of them!

    --
    A Government Is a Body of People, Usually Notably Ungoverned