W3C home > Mailing lists > Public > xml-encryption@w3.org > March 2001

Re: XML Encryption Data/Processing Model

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Thu, 29 Mar 2001 14:15:42 -0500
Message-Id: <4.3.2.7.2.20010329141303.02ea1008@rpcp.mit.edu>
To: "Takeshi Imamura" <IMAMU@jp.ibm.com>
Cc: "XML Encryption WG " <xml-encryption@w3.org>, "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>
At 19:33 3/29/2001 +0900, Takeshi Imamura wrote:
>The serialization is not so sensitive if only encryption is performed.
>However, that may not be true if both encryption and signature are
>performed on a document.  For example, suppose that a user signs and then
>encrypts a document, where he defines and uses his own serialization which
>does not preserve information set.  Another user will fail in verifying the
>signature because the original document cannot be retrieved.  For such
>reason, I think we should define at least a serialization for information
>set.

Very good point, I added that to the text in that section. However, I don't 
think the Infoset or DOM data models lack anything required by Canonical 
XML. (The part of XPath data model used by Canonical XML is a subset of both 
DOM and Infoset, right?) Even if this is the case (doesn't necessitate the 
use of Infoset or DOM), do you have a preference between the two?

__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Thursday, 29 March 2001 14:16:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:18 GMT