Confidentiality: XML Encryption
Like any other communication on the Internet, any XML document can be encrypted in its entirety and sent across the wire to be decrypted at the other end. The problem with this, however, is that encrypting obfuscates the entire message. Frequently, parts of an XML message need to be sent in the clear. For example, SOAP is an XML format that computers use to exchange remote procedure calls over the Web. In use, all or part of the body of a SOAP message may need protection but the headers must be sent in the clear so that intermediaries can see routing and other information.
Alternately, the channel could be encrypted—using SSL, for example—ensuring that any message transferred across that channel is protected in transit. The problem with channel encryption is that the message is in the clear on any intermediate machines. To get around these problems, the XML Encryption standard is designed to allow partial encryption of an XML document.
Like the XML Signature standard, the XML Encryption standard has many parts to deal with multiple contingencies, but understanding the core functionality is not difficult. Any encrypted data in an XML document is identified using the <EncryptedData/> element. The <EncryptedData/> element consists of two parts:
An optional
<EncryptionMethod/>element that gives<KeyInfo/>information. The<KeyInfo/>element is the same as the one defined for the XML Signature specification.A
<CipherData/>element that can either include ...