In this paper we evaluate security methods for extensible Markup Language (XML) and the Resource Description Framework (RDF). We argue that existing models are insufficient to provide high assurance security for future Web-based applications. We begin with a brief overview of XML access control models, where the protection objects are identified by the XML syntax. However, these approaches are limited to handle updates and structural modifications of the XML documents. We argue that XML security methods must be based on the intended meaning of XML and the semantics of the application using XML. We identify two promising research directions to extend the XML model with semantics. The first approach incorporates traditional database concepts, like key and integrity constraints, in the XML model. The second approach aims to associate XML documents with metadata supporting Web-based applications. We propose the development of security models based on these semantics-oriented approaches to achieve high assurance. Further, we investigate the security needs of Web metadata, like RDF, RDFS, and OWL. In particular, we study the security risks of unwanted inferences and data aggregation, supported by these languages.