Summary

Security is one of the important aspects of Web commerce that is not addressed directly by SOAP or Web services. While it is possible to use standard security protocols to encrypt and authenticate XML, there are matters relating to the structure and definition of XML and its use in SOAP that require specialized security solutions. For example, when XML travels along message paths it may be necessary for various receiving agents to view selected parts of an XML document while keeping other parts secure. To address this issue, the W3C has developed XML Encryption and XML Signature to provide for the selective signing and encryption of XML elements and content. Also important with respect to XML security is XML Canonicalization, an algorithmic technology that generates the canonical form of an XML document so that nonessential parts of the document are discarded. Issues of trust are handled by XKMS, which builds on the services of XML Signature and XML Encryption and relies on established certificate authorities.