We consider the secure exchange of information in a P2P
environment, where intermediaries can modify data and queries in a
controlled way, e.g., by filtering out some information or
strengthening some query. We propose a data exchange model that
permits the specification of admissible updates, along with an
array of cryptography-based techniques to validate updates and to
guarantee the provenance of data and queries in different
scenarios. In particular, we consider the cases where one insists
on exposing or hiding the identity of peers that performed
changes, and the changes they performed. We also consider the
packaging of signatures with the data (to be able to verify it)
and interactive scenarios where validity is proved via message
exchange.

The underlying thesis developed in the paper is that a newly
proposed model, consisting of XML documents with embedded calls to
Web services (namely Active XML), is an appropriate paradigm to
manage secured data exchange in a P2P setting. We show that Active
XML enables addressing in a uniform manner, in a dynamic and
multi-party setting, issues such as provenance, encryption and
signature of (portions of) documents, authentication, access
control, and query processing; issues typically ignored or
considered separately by traditional data exchange models.