W3C home > Mailing lists > Public > xml-encryption@w3.org > November 2001

Re: Decryption Transform comments

From: Takeshi Imamura <IMAMU@jp.ibm.com>
Date: Sat, 3 Nov 2001 02:18:02 +0900
To: reagle@w3.org
Cc: <hirsch@zolera.com>, <xml-encryption@w3.org>, "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>
Message-ID: <OF9911846D.99FDF808-ON49256AF8.00581C33@LocalDomain>


Joseph,

>> Shouldn't the URI attribute of the Except element be required? The
schema
>> says it is optional.
>
>Ok, I've reflected your tweaks (with my own teaks) and the URI as required
>in [new revision: 1.10].

You missed Frederick's tweak about XPointer.

Also I think that the third item in Section 2.1.2 is not a restriction but
just a note for the function decrypt().  So it should be moved to the
definition of the function.

>> I also find the function name noDecryptNodes confusing and sugggest an
>> alternative: decryptIncludedNodes
>
>I agree the names are a bit confusing ... On another similar note for
>parallelism, if we use "noDecryptNodes" (subject to change) perhaps we
>should call the other decryptNode)? Regardless, I defer this and the
>following question to Takeshi and Hiroshi (and the list).

OK, I try revising the description of the function "noDecryptNodes" as
follows:

Z = decryptIncludedNodes(X, R)
where X is a node-set and R is a set of dcrpt:Except elements specified as
a parameter of the transform.  Z is a node-set obtained by the following
steps:
1. Within X, select e, an element node with the type enc:EncryptedData,
such that is not referenced by any dcrpt:Except elements in R.  If such e
cannot be selected, the algorithm terminates and Z, the result of the
transformation, is X.
2. Let C be a parsing context of X.
3. Let Y be decrypt(X, e, C).  If this function succeeds, replace X with Y.
Otherwise, the implementation MAY signal a failure of the transform.
Alternatively, it MAY also continue processing without changing X (although
it should take an appropriate means to avoid an infinite loop).
4. Go to Step 1.

> I also have a question regarding transform generation. Should the
> document be canonicalized before creating the Decryption Transform, as
> well as after?

Frederick, what do you mean by "document"?  The SignedInfo element?  If so,
you are right.  The step for canonicalizing the element should be added.

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com
Received on Friday, 2 November 2001 12:18:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:02 UTC