The World Wide Web Consortium (W3C) has released a working draft of a new standard designed to provide encryption for XML-based documents. The new document, entitled "XML Encryption Requirements," was published April 20, 2001. According to the draft, W3C will design encryption methods to protect all or parts of an XML-based document using existing encryption specifications, such as Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES). The new standard will also be able to further encrypt already-encrypted data.
At a minimum, the new standard will include the ability (but not the requirement) to carry encryption key information as part of a set of XML data and be able to reference an external key through Universal Resource Identifiers (URIs). In either case the key will be able to reflect exactly which XML data the key pertains to. In addition, the new encryption standard will apply to any Web resource, including non-XML content.
W3C is also working on a candidate specification for XML digital signature technology to use with the new XML encryption specification. At a minimum, the XML digital signature technology will let multiple parties selectively sign parts of a document and add their signatures to existing document signatures to help ensure data integrity and origin.
No information was available about when the technologies might become final drafts. However, W3C said the current candidacy for XML digital signature standards expires May 19, 2001, when the existing candidate specification becomes the proposed recommendation and the draft standard unless someone raises substantial issues about the candidate before then.