W3C home > Mailing lists > Public > xml-encryption@w3.org > January 2001

Attribute encryption

From: Sanjeev Hirve <shirve@cyberelan.com>
Date: Mon, 8 Jan 2001 09:51:05 -0500
Message-ID: <0ce001c07982$6e53d0f0$0800010a@cyberelan.com>
To: <xml-encryption@w3.org>
Cc: "Michael Sakhatsky" <msakhatsky@cyberelan.com>, "Raju Nadakaduty" <praju@cyberelan.com>, "Marcus A Cuda" <mcuda@cyberelan.com>
The latest proposal does not treat element content consistently.  I propose the following change to EncryptedData-Type.
Element : no change,
Content : encrypts all attributes and child nodes of element.
NodeList : retain ?

The rationale is as follows:
1- one can expect applications where the Name of the element can give away information, hence we need the ability to encrypt the name.  On the other hand, leaving the name exposed makes it easier to process a document (eg moving data to/from database columns).
2- information is typically stored either in content or in attributes.  The choice sometimes is arbitrary, or driven by other factors.  Thus attributes data can be as sensitive as child nodes.

Thus there will be valid situations where the application needs to hide attribute data, but leave the element name enclair.

However, certain attributes should not be encrypted:
  1- attributes of type ID
  2- namespace attribute
  3- others ?

regards
SSH
Received on Monday, 8 January 2001 09:47:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:18 GMT