I work for a Fortune 200 company that really is concerned about
security. We use application proxy based firewalls. There are
many application folks requiring XML communications with our
business partners. My question is how do we get XML through our
application proxy firewalls securely? This means we are not
interested in putting in a plug.

From my readings, it appears that XML can use HTTP and SSL as a
transport protocol. But from previous attempts we can only get
XML through our HTTP proxy if XML is wrapped in HTML. Is that
how we get the job done? Something doesn't seem right here. I
thought XML in itself has its own tags and doesn't necessarily
need HTML.