- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 22 Mar 2001 16:33:03 -0500
- To: Ed Simon <ed.simon@entrust.com>, Blair Dillaway <blaird@microsoft.com>
- Cc: xml-encryption@w3.org
At 11:35 3/22/2001 -0500, Ed Simon wrote:
>Given that the discussion of attribute encryption has been intense but
>inconclusive, why don't we drop trying to express the rationale one way
>or the other in the requirements document and just keep the solicitation
>for feedback.
I think this is a good idea Ed. The thing that I'm most concerned is that
for the two more complex features of (a) attribute encryption and (b)
signature+encryption, when we punt on these as out of scope or an
application issue, we give an indication as to whether an application has a
sound option.
For signature+encryption, we say it's out of scope, but here's two well
specified application options (always encrypt signature, or the
decrypt-exception transform.)
For attribute encryption, we say it's out of scope and we do not yet have
any well specified option/recommendation.
So, I second your proposal with the following amendment to the comment:
>The Working Group (WG) solicits comment on this requirement from the
>broader community. After much discussion about the requirements,
>complexities, and alternatives of attribute encryption {List: Hallam-Baker,
>Simon, Reagle} the WG has decided to proceed under the requirement of
>element encryption while remaining open to further comment, experimentation
>and specification of attribute encryption proposals or alternatives that
>satisfy the requirement to encrypt sensitive attribute values.
__
Joseph Reagle Jr. http://www.w3.org/People/Reagle/
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature
W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Thursday, 22 March 2001 16:33:47 UTC