XML Security Introduction
- There is a requirement to ensure the integrity (signature) and
confidentiality (encryption) of parts of XML
documents.
- Operating on a "bucket of bits" is easy. Operating on parts of
XML documents requires the identification and processing of XML in
both an abstract (parsed) and consistently serialized (octets)
manner.
- These activities are not only applications using XML, they also
must address questions about XML, such as canonicalization.
- This is different from access control, authentication and
authorization which have fewer issues with XML, but face tricky
questions about semantics.