Mark Wiggerman wrote: > First of all the term 'security' has several meanings: Confidentiality, > authentication, integrity and non-repudiation. (according to the article > "Cryptography and the Web" http://www.w3journal.com/7/s3.crypt.wrap.html) [...] > XML is unfit for all of the above mentioned security issues. This is not quite right; XML is *neutral* wrt the above issues. XML is perfectly(*) well suited to carrying digital signatures (including signatures of XML), encrypted data (including encrypted XML), and so forth, and these things can address certain security issues. There's no "native support" for any of that in XML, but nor is there anything to stop you doing it. (*) well maybe it could carry binary better, but otherwise it is fine. > Securing a > document should be left to a method on a lower level such as SHTTP or > SSL. That's not correct either. Many applications would be much better served by digitally signed XML (or whatever) rather than the use of SSL. SSL doesn't work end-to-end for messaging applications, for example. Cheers, Frank O'Dwyer.