XML.com: XML From the Inside Out

XML.comWebServices.XML.comO'Reilly Networkoreilly.com
  Articles | Weblogs | Newsletter | Safari Bookshelf
advertisement

Article:
Secure RSS Syndication
Subject: reuse
Date: 2005-10-14 06:47:23
From: Bill Burcham
Did you consider using the XML Encryption standard (http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/) instead of "rolling your own"? IBM's XML Security Suite (http://www.alphaworks.ibm.com/tech/xmlsecuritysuite) implements the standard and is RAND (http://www.w3.org/TR/2002/NOTE-patent-practice-20020124#def-RAND) I believe.


This standard is being used in various secure XML communications standards such as ebXML Messaging and WS-Security (SOAP security).


Proper application of the standard would make available to you a broader choice of crytpo algorithms and would somewhat mitigate your "I am not a cryptanalyst" concern.

Previous Message Previous Message   Next Message Next Message

Titles Only Titles Only Newest First
  • reuse
    2005-10-14 06:55:39 Joe Gregorio [Reply]

    Bill,
    The encrypted content was stored inside the XHTML. If I were to put an xenc:CipherData inside the XHTML that would make the XHTML invalid.


    • reuse
      2005-10-21 14:19:23 Bill Burcham [Reply]

      So you've developed what some might call a microformat a la microformats.org (http://microformats.org/) in that you've embedded into XHTML, markup which is not related to document structure.


      I find myself wondering whether all the vocabularies originally developed in DTD and XSD are going to eventually be migrated to XHTML with class attributes.


      What was the key constraint that necessitated expression in XHTML as opposed to e.g. an XML encryption wrapper with XHTML encrypted within?

Sponsored By:
Contact Us | Our Mission | Privacy Policy | Advertise With Us | | Submissions Guidelines
Copyright © 2008 O'Reilly Media, Inc. | (707) 827-7000 / (800) 998-9938