W3C home > Mailing lists > Public > xml-encryption@w3.org > August 2000

Re: Encrypted Node URI and NodeType

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Thu, 31 Aug 2000 16:35:23 -0400
Message-Id: <4.3.2.7.2.20000831153451.00af39c8@rpcp.mit.edu>
To: "Takeshi Imamura" <IMAMU@jp.ibm.com>, John Cowan <jcowan@reutershealth.com>, Ed Simon <ed.simon@entrust.com>
Cc: "Public XML Encryption List" <xml-encryption@w3.org>
At 11:02 8/31/2000 +0900, Takeshi Imamura wrote:
>Ed's proposal also targets a whole attribute (i.e., name and value pair) and
>only a value of an attribute.  How does your idea work for them?

Ok, so we are encrypting a piece of XML and we need to identify what we've 
encrypted. In Information Set speak, you are identifying not only the Item, 
but its normalized value property. [1] I don't think there is a single URI 
for identifying an Item and its property, such as:
         http://www.w3.org/2000/07/infoset#Attribute.NormalizedValue

We could add another piece of syntax:

<EncryptedNode xmlns="http://www.w3.org/2001/03/Encryption"
     Location="."
     InformationSetItem="http://www.w3.org/2000/07/infoset#Element"
     InformationSetProperty="http://www.w3.org/2000/07/infoset#normalizedValue"
     EncryptionInfo="#encryptionInfo23">
     (Base64 of encrypted Element node)
</EncryptedNode>

But is that attribute an IDREF or a URI, so you could add another URI such as:

InformationSetAttributeType="http://www.w3.org/2000/07/infoset#AttributeType.IDREF"

But this could quickly get annoying and the Information Set spec fortunately 
provides a whole schema that defines the relationship of these things to 
each other! Consequently (though this is the thing I said I wanted to think 
more about) we could adopt something like the following where I've encrypted 
the CDATA value of the 'author' attribute:

<EncryptedNode>
<infoset:Attribute xmlns:infoset="http://www.w3.org/2000/07/infoset#'"
   <infoset:normalizedValue resource="#foo"/>
   <infoset:localName resource="author"/>
   <infoset:namespaceName resource="bib:"/>
   <infoset:attributeType resource="infoset:AttributeType.CDATA"/>
</infoset:Attribute>
<Data Id="foo">alkdjab2o3498salkjvblkajb9872398</Data>
</EncryptedNode/>

Note that normalizedValue resource="#foo" identifies the thing that was 
actually encrypted. this would allow me to nifty partial encryptions of 
portions of an InformationSet Item rather compactly:

<EncryptedNode>
<infoset:Attribute xmlns:infoset="http://www.w3.org/2000/07/infoset#'"
   <infoset:normalizedValue resource="#foo"/>
   <infoset:localName resource="#bar"/>
</infoset:Attribute>
<Data Id="foo">alkdjab2o3498salkjvblkajb9872398</Data>
<Data Id="bar">alkdjab2o3498salkjvblkajb9872398</Data>
</EncryptedNode/>

Now I'm not convinced I'm using the InformationSet properly here (as an 
Attribute is actually a member of AttributeSet (an easy way to encrypt the 
whole attribute set!). John, do you expect InformationSet to provide an XML 
Schema for explicit representations?

[1] http://www.w3.org/TR/2000/WD-xml-infoset-20000726



>From: "Takeshi Imamura" <IMAMU@jp.ibm.com>
>To: "Joseph M. Reagle Jr." <reagle@w3.org>
>cc: Ed Simon <ed.simon@entrust.com>,
>         "Public XML Encryption List" <xml-encryption@w3.org>
>Message-ID: <4925694C.000B6197.00@d22mta13.yamato.ibm.com>
>Date: Thu, 31 Aug 2000 11:02:50 +0900
>Mime-Version: 1.0
>Content-type: text/plain; charset=us-ascii
>Subject: Re: Encrypted Node URI and NodeType
>Resent-From: xml-encryption@w3.org
>X-Mailing-List: <xml-encryption@w3.org> archive/latest/59
>X-Loop: xml-encryption@w3.org
>Sender: xml-encryption-request@w3.org
>Resent-Sender: xml-encryption-request@w3.org
>Precedence: list
>Status:
>
>
>
>
>Joseph,
>
>Ed's proposal also targets a whole attribute (i.e., name and value pair) and
>only a value of an attribute.  How does your idea work for them?
>
>Thanks,
>Takeshi IMAMURA
>Tokyo Research Laboratory
>IBM Japan, Ltd.
>E-mail: imamu@jp.ibm.com
>
>
>
>From: "Joseph M. Reagle Jr." <reagle@w3.org> on 2000/08/31 02:25 AM
>
>To:   Ed Simon <ed.simon@entrust.com>
>cc:   "Public XML Encryption List" <xml-encryption@w3.org>, swick@w3.org, Dan
>       Connolly <connolly@w3.org> (bcc: Takeshi Imamura/Japan/IBM)
>Subject:  Encrypted Node URI and NodeType
>
>
>
>
>Ed,
>
>As stated after the Crypto BoF, in your proposal [1] I recommend you break
>up your NodeType into a location (location of the EncryptedNode's encrypted
>serialization -- if not present in the element content) and NodeType (the
>URIs of the Information Set item provided by [2]). Instead of
>
><EncryptedNode xmlns="http://www.w3.org/2001/03/Encryption"
>     NodeType="."  <!-- "." indicates the <EncryptedNode> element is right
>                          where the original unencrypted element was -->
>     EncryptionInfo="#encryptionInfo23">
>     (Base64 of encrypted Element node)
></EncryptedNode>
>
>this:
>
><EncryptedNode xmlns="http://www.w3.org/2001/03/Encryption"
>     Location="."
>     InformationSetItem="http://www.w3.org/2000/07/infoset#Element"
>     EncryptionInfo="#encryptionInfo23">
>     (Base64 of encrypted Element node)
></EncryptedNode>
>
>Futhermore, if Location is intended to be a URI the "." hack/syntax for the
>present node will probably be problematic. I'm presently scratching my head
>about the best structure/relation of these things to each other (describing
>Information Set Items/Nodes in the context of a serialized Information Set
>Items/Nodes where both instances have a relationship to each other...)
>Hopefully I'll post more within the week.
>
>[1]
>http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/att-0001/01-xmlenc
>overview.html
>[2] http://www.w3.org/TR/2000/WD-xml-infoset-20000726
>
>_________________________________________________________
>Joseph Reagle Jr.
>W3C Policy Analyst                mailto:reagle@w3.org
>IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/


_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Thursday, 31 August 2000 16:35:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:17 GMT