RE: Comments on the requirements draft from Ed Simon on 2001-03-22 (xml-encryption@w3.org from March 2001)

From: Ed Simon <ed.simon@entrust.com>
Date: Thu, 22 Mar 2001 11:35:25 -0500
To: xml-encryption@w3.org
Message-ID: <A0E1DEC54ED42F4884DD9EEA00ACE37106D18D@sottmxs08.entrust.com>

>But, it is also recognized that encrypting attribute values always 
>transforms the original document.  In general, this transformation will 
>make the resulting document invalid against an existing, non-encryption 
>aware, schema, for the original document.  Hence, intermediate processors 
>may error when attempting to process the encryption transformed document. 
>The XML Encryption specification should not encourage this potentially 
>brittle application behavior. {Dillaway}

I have great difficulty with the above because it applies equally to
encrypting elements and element content.  These too will almost always 
transform the document making it invalid against an existing, non-encryption

aware, schema, for the original document.  If I agreed with the above, I
could only deduce that XML Encryption should also abstain from any type of
node-wise encryption.

If an existing XML system is to have encryption introduced into it, there
will
likely have to be schema extensions and there will necessarily have to be 
retesting of all the parts which have to process documents containing
encrypted data.

Given that the discussion of attribute encryption has been intense but
inconclusive, why don't we drop trying to express the rationale one way
or the other in the requirements document and just keep the solicitation
for feedback.  This is what I would write.

1.  The specification must provide for the encryption of a part or totality
of an XML document 
  1.  Granularity of encryption is limited to an element (including
start/end tags) or element content (between the start/end tags). { prop2,
WS} 

<box>
There has been much discussion about supporting attribute encryption: {List:
Hallam-Baker, Simon, Reagle}. The Working Group (WG) solicits comment on
this requirement from the broader community to establish, first, whether
there is demand for attribute encryption and, second, how it should be
supported. At present, the WG has decided to  proceed under the requirement
of element encryption while remaining open to further comment,
experimentation and specification of attribute encryption proposals.
</box>

Is this agreeable to everyone?
Ed

Received on Thursday, 22 March 2001 11:36:19 UTC