- From: Fikkert, Dick W. <Fikkert@fel.tno.nl>
- Date: Wed, 23 Aug 2000 17:27:55 -0700
- To: xml-encryption@w3.org
Just a comment on the introduction. We have 2 simple demonstrators available for what we call sXML (s for secure). The demonstrators use element(s) wise encryption, concentrating on text nodes only. The issue we encountered was explaining to customers what they could do with it and how sXML should be positioned with regard to other security measures. For that purpose we developed/wrote the following, which may be of use in the introduction:

Information security measures remain operative within defined borders. For example, if SSL is used, a credit card number is secure only during the transfer to a vendor's web site, as is the web page containing it. As soon as the credit card number arrives at the web server, SSL offers no security anymore. The reason for the breach in security is that SSL's operation is 'bound to' communications channels.

Our sXML technology offers a more comprehensive security. sXML offers 'Information Bound Security', security that is bound to the information which is to be secured. As long as the information exists, the information is secure. Furthermore, sXML works at the information level, rather than at a page, form or file as a whole. For example, on a given web page, the credit card number and the ordering information secured by sXML are safe, whether stored on a web server, transmitted to a vendor or processed. Furthermore, only the bank can access the credit card number, both the bank and the merchant can access address information, and only the merchant can access items ordered.

(B.t.w. the difference between our 2 demonstrators is the extent to which they really offer Information Bound Security: one, for example, retains security measures within a page even if the decrypted web page is e-mailed by 'file send' in IE.)

Hope this is useful.

Dick
Received on Wednesday, 23 August 2000 20:33:44 UTC