- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 31 Aug 2000 16:35:23 -0400
- To: "Takeshi Imamura" <IMAMU@jp.ibm.com>, John Cowan <jcowan@reutershealth.com>, Ed Simon <ed.simon@entrust.com>
- Cc: "Public XML Encryption List" <xml-encryption@w3.org>
At 11:02 8/31/2000 +0900, Takeshi Imamura wrote:
>Ed's proposal also targets a whole attribute (i.e., name and value pair) and
>only a value of an attribute. How does your idea work for them?
Ok, so we are encrypting a piece of XML and we need to identify what we've
encrypted. In Information Set speak, you are identifying not only the Item,
but its normalized value property. [1] I don't think there is a single URI
for identifying an Item and its property, such as:
http://www.w3.org/2000/07/infoset#Attribute.NormalizedValue
We could add another piece of syntax:
<EncryptedNode xmlns="http://www.w3.org/2001/03/Encryption"
Location="."
InformationSetItem="http://www.w3.org/2000/07/infoset#Element"
InformationSetProperty="http://www.w3.org/2000/07/infoset#normalizedValue"
EncryptionInfo="#encryptionInfo23">
(Base64 of encrypted Element node)
</EncryptedNode>
But is that attribute an IDREF or a URI, so you could add another URI such as:
InformationSetAttributeType="http://www.w3.org/2000/07/infoset#AttributeType.IDREF"
But this could quickly get annoying and the Information Set spec fortunately
provides a whole schema that defines the relationship of these things to
each other! Consequently (though this is the thing I said I wanted to think
more about) we could adopt something like the following where I've encrypted
the CDATA value of the 'author' attribute:
<EncryptedNode>
<infoset:Attribute xmlns:infoset="http://www.w3.org/2000/07/infoset#'"
<infoset:normalizedValue resource="#foo"/>
<infoset:localName resource="author"/>
<infoset:namespaceName resource="bib:"/>
<infoset:attributeType resource="infoset:AttributeType.CDATA"/>
</infoset:Attribute>
<Data Id="foo">alkdjab2o3498salkjvblkajb9872398</Data>
</EncryptedNode/>
Note that normalizedValue resource="#foo" identifies the thing that was
actually encrypted. this would allow me to nifty partial encryptions of
portions of an InformationSet Item rather compactly:
<EncryptedNode>
<infoset:Attribute xmlns:infoset="http://www.w3.org/2000/07/infoset#'"
<infoset:normalizedValue resource="#foo"/>
<infoset:localName resource="#bar"/>
</infoset:Attribute>
<Data Id="foo">alkdjab2o3498salkjvblkajb9872398</Data>
<Data Id="bar">alkdjab2o3498salkjvblkajb9872398</Data>
</EncryptedNode/>
Now I'm not convinced I'm using the InformationSet properly here (as an
Attribute is actually a member of AttributeSet (an easy way to encrypt the
whole attribute set!). John, do you expect InformationSet to provide an XML
Schema for explicit representations?
[1] http://www.w3.org/TR/2000/WD-xml-infoset-20000726
>From: "Takeshi Imamura" <IMAMU@jp.ibm.com>
>To: "Joseph M. Reagle Jr." <reagle@w3.org>
>cc: Ed Simon <ed.simon@entrust.com>,
> "Public XML Encryption List" <xml-encryption@w3.org>
>Message-ID: <4925694C.000B6197.00@d22mta13.yamato.ibm.com>
>Date: Thu, 31 Aug 2000 11:02:50 +0900
>Mime-Version: 1.0
>Content-type: text/plain; charset=us-ascii
>Subject: Re: Encrypted Node URI and NodeType
>Resent-From: xml-encryption@w3.org
>X-Mailing-List: <xml-encryption@w3.org> archive/latest/59
>X-Loop: xml-encryption@w3.org
>Sender: xml-encryption-request@w3.org
>Resent-Sender: xml-encryption-request@w3.org
>Precedence: list
>Status:
>
>
>
>
>Joseph,
>
>Ed's proposal also targets a whole attribute (i.e., name and value pair) and
>only a value of an attribute. How does your idea work for them?
>
>Thanks,
>Takeshi IMAMURA
>Tokyo Research Laboratory
>IBM Japan, Ltd.
>E-mail: imamu@jp.ibm.com
>
>
>
>From: "Joseph M. Reagle Jr." <reagle@w3.org> on 2000/08/31 02:25 AM
>
>To: Ed Simon <ed.simon@entrust.com>
>cc: "Public XML Encryption List" <xml-encryption@w3.org>, swick@w3.org, Dan
> Connolly <connolly@w3.org> (bcc: Takeshi Imamura/Japan/IBM)
>Subject: Encrypted Node URI and NodeType
>
>
>
>
>Ed,
>
>As stated after the Crypto BoF, in your proposal [1] I recommend you break
>up your NodeType into a location (location of the EncryptedNode's encrypted
>serialization -- if not present in the element content) and NodeType (the
>URIs of the Information Set item provided by [2]). Instead of
>
><EncryptedNode xmlns="http://www.w3.org/2001/03/Encryption"
> NodeType="." <!-- "." indicates the <EncryptedNode> element is right
> where the original unencrypted element was -->
> EncryptionInfo="#encryptionInfo23">
> (Base64 of encrypted Element node)
></EncryptedNode>
>
>this:
>
><EncryptedNode xmlns="http://www.w3.org/2001/03/Encryption"
> Location="."
> InformationSetItem="http://www.w3.org/2000/07/infoset#Element"
> EncryptionInfo="#encryptionInfo23">
> (Base64 of encrypted Element node)
></EncryptedNode>
>
>Futhermore, if Location is intended to be a URI the "." hack/syntax for the
>present node will probably be problematic. I'm presently scratching my head
>about the best structure/relation of these things to each other (describing
>Information Set Items/Nodes in the context of a serialized Information Set
>Items/Nodes where both instances have a relationship to each other...)
>Hopefully I'll post more within the week.
>
>[1]
>http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/att-0001/01-xmlenc
>overview.html
>[2] http://www.w3.org/TR/2000/WD-xml-infoset-20000726
>
>_________________________________________________________
>Joseph Reagle Jr.
>W3C Policy Analyst mailto:reagle@w3.org
>IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Thursday, 31 August 2000 16:35:59 UTC