The move paves the way for end-user adoption of an XML-based approach to secure XML in document form.
When used in conjunction with XML Signature, XML Encryption and Decryption Transform could provide a starting point to secure Web services transactions and applications by permitting users to sign and encrypt portions of XML data selectively, according to a statement released by the W3C.
Although it is XML Signature which is capable of determining if a document has been tampered with, the Decryption Transform specification allows the receiver of the document to know which portions of the transmission may have been inadvertently changed for encryption purposes. It offers a guide for pinpointing areas of the document to be decrypted and enables restoration of the message's original state before a signature verification attempt is applied.
W3C officials said multiple applications and specifications are taking advantage of XML Encryption, as documented in the Implementation and Interoperability Report filed by the W3C XML Encryption Working Group.
Credited with the development of XML Encryption include W3C members Baltimore Technologies, BEA Systems, DataPower Technology, IBM, Motorola, Sun Microsystems, VeriSign and the University of Siegen in Germany.