W3CTechnology and Society DomainActivity Statement

XML Encryption
Activity Statement

Work on Encryption is being managed as part of W3C's Technology and Society domain.

  1. Introduction
  2. Role of W3C
  3. Current Situation and Accomplishments
  4. What the Future Holds
  5. Contact

Introduction

Encryption renders data (plain-text) confidential (cipher-text) such that it can be safely stored or transmitted and only the intended recipients can restore the data to its original form. This feature is important given that many applications are using the Internet to exchange sensitive information such as payment and purchase orders. In view of recent Web technology developments, the work of the XML Encryption Activity is to specify XML encryption syntax and processing for encrypting XML in whole or part (e.g., element). This can then be used by XML applications, such as XML Protocol.

Concepts Simply Explained

Overview

Encryption is the process of securing information so that while it is accessible to a wide community (those with access to your hard drive or network) it is not meaningful to those unintended intermediaries and eavesdroppers. The data has been rendered opaque by mathematically scrambling (encrypting) it in a way that makes it unreadable to anyone except those possessing the secret (key) to unscramble (decrypt) it. The two most common types of cryptography are symmetric (same key) and asymmetric (public-key) cryptography. In symmetric key cryptography, a message is encrypted and decrypted using the same key, which must be confidentially exchanged in a separate transmission. For instance, two people could take a message represented in binary and scramble it with a random set of binary digits (one time pad); only the other party possessing the same secret can descramble the message. Of course, this begs the question of how one securely exchanges the one time pad!

This question is addressed by public-key (asymmetric) cryptography wherein every party to a communication has a public and private key that are inversely related to each other. Any message encrypted with the publicly available key can only be decrypted by its corresponding privately held key. Interestingly, this same relationship permits for public-key digital signatures wherein any person with the public key can confirm that a person with the corresponding private key used it to secure the message. Because symmetric (same) key cryptography is very efficient, confidential interactions frequently start by exchanging a symmetric key using asymmetric (public) key cryptography.

Encryption and XML

The W3C's Extensible Markup Language (XML) Recommendation specifies a standard syntax for structuring Web documents. An XML document can be secured using many of the existing cryptographic standards. However, many XML applications need to encrypt portions of XML documents such that some data can be secured, while other data is still available. Additionally, this feature needs to work with the selective signing feature of XML Signature.This is the motivation of the XML Encryption Activity.

Role of W3C

This Working Group is an Activity of the W3C.

Current Situation and Accomplishments

All chartered deliverables have been completed.

In March 2002, the Working Group published a XML Encryption Requirements W3C Note. In December 2002, XML Encryption Syntax and Processing and the Decryption Transform for XML Signature were published as Recommendations. There are 4 implementations reporting interoperability, including 1 open source.

What the Future Holds

The XML Encryption Working Group charter terminated on 2002-12-31. The mailing list may be used for discussion of errata, operational experience, and requirements for new work.

Contact

Joseph M. Reagle Jr., <reagle@w3.org> W3C Activity Lead and Chair

Last modified $Date: 2003/05/14 09:17:51 $

Copyright 2001-2003 W3C (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply. Your interactions with this site are in accordance with our public and Member privacy statements.