The eXtensible Markup Language (XML) is regarded generally as having promise of becoming established as the general purpose framework for enabling transfer of data amongst heterogeneous environments. It is of interest therefore to analyse how suitable it may be once details of applications requirements and constraints are taken into account. One important requirement is for the security of documents in transit. Closely associated with XML is the eXtensible Stylesheet Language (XSL), whose document transformation component (XSLT) may well have sufficient functionality to perform all reasonable cryptographic transformations to deliver a desired level of document security. We examine this question by describing a real world XML application whose security requirements are more complex than for a simple document transfer between just two parties; proposing a document transfer architecture into which XSLT can be plugged-in; and identifying those features of XSLT which must be applied to mee...
R. G. Bartlett, M. W. Cook