The W3C XML Encryption Working Group has released Proposed Recommendation specifications for XML Encryption Syntax and Processing and Decryption Transform for XML Signature. Pending review of comments from the W3C Advisory Committee Members and the public, the specifications may reach Recommendation status after November 14, 2002. The XML Encryption document "specifies a process for encrypting data and representing the result in XML. The data may be arbitrary data (including an XML document), an XML element, or XML element content. The result of encrypting data is an XML Encryption element which contains or references the cipher data." The Decryption document "specifies an XML Signature 'decryption transform' that enables XML Signature applications to distinguish between those XML Encryption structures that were encrypted before signing (and must not be decrypted) and those that were encrypted after signing (and must be decrypted) for the signature to validate. XML Encryption is a method whereby XML content can be transformed such that it is discernable only to the intended recipients, and opaque to all others. There are many applications for such a specification given the increasing importance of XML on the Internet and Web including the protection of payment and transaction information."

Bibliographic information:

XML Encryption Syntax and Processing. W3C Proposed Recommendation 03-October-2002. Edited by Donald Eastlake and Joseph Reagle. Authors: Takeshi Imamura, Blair Dillaway, and Ed Simon. Version URL: http://www.w3.org/TR/2002/PR-xmlenc-core-20021003/. Latest version URL: http://www.w3.org/TR/xmlenc-core/. Previous version URL: http://www.w3.org/TR/2002/CR-xmlenc-core-20020802/.

Decryption Transform for XML Signature. W3C Proposed Recommendation 03-October-2002. Edited by Merlin Hughes Takeshi Imamura, and Hiroshi Maruyama. Version URL: http://www.w3.org/TR/2002/PR-xmlenc-decrypt-20021003. Latest version URL: http://www.w3.org/TR/xmlenc-decrypt. Previous version URL: http://www.w3.org/TR/2002/CR-xmlenc-decrypt-20020802.

From the WG Activity Statement: "Encryption is the process of securing information so that while it is accessible to a wide community (those with access to your hard drive or network) it is not meaningful to those unintended intermediaries and eavesdroppers. The data has been rendered opaque by mathematically scrambling (encrypting) it in a way that makes it unreadable to anyone except those possessing the secret (key) to unscramble (decrypt) it. The two most common types of cryptography are symmetric (same key) and asymmetric (public-key) cryptography. In symmetric key cryptography, a message is encrypted and decrypted using the same key, which must be confidentially exchanged in a separate transmission. For instance, two people could take a message represented in binary and scramble it with a random set of binary digits (one time pad); only the other party possessing the same secret can descramble the message..."

The mission of the W3C XML Encryption Working Group "is to develop a process for encrypting/decrypting digital content (including XML documents and portions thereof) and an XML syntax used to represent the (1) encrypted content and (2) information that enables an intended recipient to decrypt it. Please see the Charter for further information on the constitution of this WG. This WG does not address broader XML security issues including XML Signature, authentication, and authorization."