XML and security

The XML Signature Working Group-a joint technical committee of the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C) aims at enabling digital signing of documents using XML syntax. This capability is critical for a variety of electronic commerce applications, including payment tools. Signatures can provide integrity, message authentication and/or authentication services for data of any type, whether located within the XML that includes the signature or located elsewhere. XML signatures are generated by a hash function from the collection of references to the objects being signed; its syntax associates the content of resources with a key via a strong one-way transformation. This paper will provide further information on this and the proposed XML encryption standard.