Web Services Security

Know when XML Encryption is appropriate, and when it is not needed. XML Encryption is useful when a portion of an XML document must be encrypted, and other parts left unencrypted. XML Encryption is also useful when XML data must be persistently encrypted.

Remember that key management is vital for XML Encryption. Do not store keys on the file system of an untrusted machine, for example a server located in a DMZ. Unlike XML Signature, where a signature can be verified without the use of a private key, XML Encryption requires a private key for decryption. The safety of this private key is vitally important.