XML Security beyond XSLT

Extensible Markup Language (XML) is the \´love-child" of the World Wide Web Consortium (W3C). XML is expected to facilitate Internet B2B messaging because of its simplicity and flexibility. One big concern that customer may have in doing Internet B2B messaging is security. Therefore considering some security features in XML such as element-wise encryption, digital signature and access control that are beyond the capability of the transport-level security protocol such as SSL is of interest. We describe some access control model for XML documents and then perform some cryptographic transformations on it. For this reason, XSLT (Extensible Stylesheet Language Transformations) may well have sufficient functionality to perform all reasonable cryptographic transformations. We examine this question by describing a real world XML application whose security requirements are more complex than for a simple document; proposing an access control model using XML document, we present encryption operation in the document using XSLT; and identify the constraints and those features of XSLT which must be applied to meet the application requirements and then we examine "extension functions" as a solution to enhance the abilities of XSLT. We conclude that XSLT is only adequate in the proposed scenario and trying to extract additional functionality, such as the application of an encryption algorithm, leads to unacceptable complexity and constrains the ways in which documents can be encrypted