XML Security Scenario*

  1. BookStore creates a form that will be filled in by a Alice and sent on to EasyPay.
  2. BookStore signs all of the form except for shipping address and credit card information, which is filled in by Alice.
  3. Alice fills in the form, encrypts the payment authorization element in a key shared with EasyPay, and returns it to BookStore.
  4. BookStore processes the form and confirms the integrity of the order (the book title and price) and passes the encrypted credit card info to EasyPay.

This protocol is faulty, but it demonstrates the use of selective signing and encryption.