
RE: Review of XML Encryption / EXI integration (ACTION-493)

From: Scott Cantor <cantor.2@osu.edu>
Date: Wed, 30 Dec 2009 11:10:10 -0500
To: "'Frederick Hirsch'" <frederick.hirsch@nokia.com>, "'ext Thomas Roessler'" <tlr@w3.org>
Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>, "'Carine Bournez'" <carine@w3.org>
Message-ID: <005701ca896a$901abad0$b0503070$@2@osu.edu>
Frederick Hirsch wrote on 2009-12-30:
> It seems that replacing an element with an EncryptedData element is a
> core concept of the specification and should be normatively specified
> - currently there is a SHOULD in the specification.

You really can't normatively dictate to other schemas how they should
incorporate encryption. The mechanism you suggest, for example, means that
every element in a schema that wants to allow for encrypting itself would
end up being replaced with a generic element (EncryptedData). That's not
terribly easy to specify. It certainly isn't how SAML did it.

At most, you might provide advisory material about different ways of doing
it, but the most obvious (straight replacement) actually isn't all that
common that I've seen, because most of the time you want some indication of
what the original element was from the perspective of the decrypting party.
So Foo might become EncryptedFoo with EncryptedData inside it.

-- Scott
Received on Wednesday, 30 December 2009 16:10:45 GMT
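The two integration patterns Scott contrasts (straight replacement of an element by a generic EncryptedData, versus Foo becoming EncryptedFoo with EncryptedData inside, as SAML does it), as an added example that is not part of the original message. The application namespace urn:example:app, the element names and the CipherValue are constructed placeholders; no real encryption is performed, the point is only what the decrypting party can tell about the original element before decrypting.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
APP = "urn:example:app"            # assumed application namespace (placeholder)
CIPHER = "Y29uc3RydWN0ZWQ="         # constructed placeholder, not real ciphertext
# Constructed sample document: an application message with a Foo element to encrypt.
SAMPLE = f'<m:Msg xmlns:m="{APP}"><m:Foo>secret</m:Foo><m:Bar>public</m:Bar></m:Msg>'

def local_name(tag):
    return tag.split("}", 1)[1] if "}" in tag else tag

def make_encrypted_data():
    """Minimal xenc:EncryptedData; Type=...#Element marks a whole element as encrypted."""
    ed = ET.Element(f"{{{XENC}}}EncryptedData", {"Type": XENC + "Element"})
    cd = ET.SubElement(ed, f"{{{XENC}}}CipherData")
    ET.SubElement(cd, f"{{{XENC}}}CipherValue").text = CIPHER
    return ed

def straight_replacement(parent, child):
    """Pattern 1: the element is swapped for a generic EncryptedData."""
    idx = list(parent).index(child)
    parent.remove(child)
    parent.insert(idx, make_encrypted_data())

def wrapper_replacement(parent, child):
    """Pattern 2 (the SAML style): Foo becomes EncryptedFoo with EncryptedData inside."""
    idx = list(parent).index(child)
    wrapper = ET.Element(f"{{{APP}}}Encrypted{local_name(child.tag)}")
    wrapper.append(make_encrypted_data())
    parent.remove(child)
    parent.insert(idx, wrapper)

def expected_originals(root):
    """Decrypting party's view before decrypting: per EncryptedData, the element name the
    document lets it expect (this demo assumes an 'Encrypted' + name wrapper), else None."""
    found = []
    for parent in root.iter():
        for child in parent:
            if child.tag == f"{{{XENC}}}EncryptedData":
                pname = local_name(parent.tag)
                hint = pname[len("Encrypted"):] if pname.startswith("Encrypted") else ""
                found.append(hint or None)
    return found

def demo(pattern):
    """Apply the named pattern to Foo in SAMPLE and return what the decryptor can expect."""
    root = ET.fromstring(SAMPLE)
    foo = root.find(f"{{{APP}}}Foo")
    (straight_replacement if pattern == "straight" else wrapper_replacement)(root, foo)
    return expected_originals(root)
```

With straight replacement the receiver sees only a generic EncryptedData and learns the original element name only after decrypting; with the wrapper it can dispatch on EncryptedFoo up front.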
