Towards Privacy-Preserving XML Transformation

摘要

In composite web services one can only either hide the identities of the participants or provide end-to-end confidentiality via encryption. For a designer of inter-organizational business processes this implies that she either needs to reveal her suppliers or force her customers to reveal their information. In this paper we present a solution to the encrypted data modification problem and recon ciliate this apparent conflict. Using a generic sender-transformer-recipient example scenario, we illustrate the steps required for applying XML transformations to encrypted data, present the cryptographic building blocks, and give an outlook on advantages and weaknesses of the proposed encryption scheme. The transformer is then able to offer composite services without itself learning the content of the messages.