Mark Wiggerman wrote:
> First of all the term 'security' has several meanings: Confidentiality,
> authentication, integrity and non-repudiation. (according to the article
> "Cryptography and the Web" http://www.w3journal.com/7/s3.crypt.wrap.html)
> XML is unfit for all of the above mentioned security issues.

This is not quite right; XML is *neutral* wrt the above issues. XML is
perfectly(*) well suited to carrying digital signatures (including
signatures of XML), encrypted data (including encrypted XML), and so
forth, and these things can address certain security issues. There's no
"native support" for any of that in XML, but nor is there anything to
stop you doing it.

(*) Well, maybe it could carry binary better, but otherwise it is fine.

> Securing a
> document should be left to a method on a lower level such as SHTTP or

That's not correct either. Many applications would be much better served
by digitally signed XML (or whatever) rather than the use of SSL. SSL
doesn't work end-to-end for messaging applications, for example.
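
The reply's two points (XML can carry a signature over XML, and that protection travels with the message across hops where SSL covers only each connection) shown as an added example that is not part of the original message. Assumptions: HMAC-SHA256 stands in for a public-key signature because the Python standard library has none, and the `envelope`, `signature` and `order` element names, the key and the sample payload are all constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

# Constructed demo key known only to the sender and the final recipient.
# Assumption: HMAC stands in for a digital signature; the way the value
# is carried inside the XML (base64 text in an element) is the same.
KEY = b"constructed-demo-key"
SAMPLE = '<order id="42"><item>widget</item><amount>90</amount></order>'

def _tag(payload_elem):
    # Canonicalize (C14N 2.0) first, so that harmless re-serialization by
    # a relay (attribute order, empty-tag form) does not change the bytes.
    canon = ET.canonicalize(ET.tostring(payload_elem, encoding="unicode"))
    return hmac.new(KEY, canon.encode("utf-8"), hashlib.sha256).digest()

def seal(payload_xml):
    """Wrap payload XML in an envelope that also carries its tag."""
    env = ET.Element("envelope")
    payload = ET.fromstring(payload_xml)
    env.append(payload)
    sig = ET.SubElement(env, "signature", {"alg": "HMAC-SHA256"})
    # Binary tag goes in as base64: the "could carry binary better" cost.
    sig.text = base64.b64encode(_tag(payload)).decode("ascii")
    return ET.tostring(env, encoding="unicode")

def verify(envelope_xml):
    """Recompute the tag over the first child and compare in constant time.
    A consumer must read the same element that was verified here."""
    env = ET.fromstring(envelope_xml)
    carried = base64.b64decode(env.find("signature").text)
    return hmac.compare_digest(carried, _tag(env[0]))

def relay(envelope_xml, tamper=False):
    """An intermediate hop: the transport session ends here, the message
    is parsed, optionally altered, and re-serialized for the next hop."""
    env = ET.fromstring(envelope_xml)
    if tamper:
        env.find("./order/amount").text = "9000"
    return ET.tostring(env, encoding="unicode")

if __name__ == "__main__":
    sealed = seal(SAMPLE)
    print("direct:         ", verify(sealed))
    print("honest relay:   ", verify(relay(sealed)))
    print("tampering relay:", verify(relay(sealed, tamper=True)))
```

Transport encryption on both sides of the relay would not change the third result's cause: the relay sees and can alter the plaintext message, and only the tag carried inside the XML lets the final recipient notice.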