W3C home > Mailing lists > Public > xml-encryption@w3.org > September 2001

RE: Minor comments on Section 4

From: <edsimon@xmlsec.com>
Date: Wed, 19 Sep 2001 18:00:07 -0400
Message-ID: <3BA68A12000011EB@mail.san.yahoo.com>
To: Blair Dillaway <blaird@microsoft.com>, reagle@w3.org, Takeshi Imamura <IMAMU@jp.ibm.com>, xml-encryption@w3.org

Blair wrote

>we're ambiguous in Step 3.1 about who is responsible for
>serializing the data.
>

I don't think the text is ambiguous because all the steps starts out with
"the encryptor must:".  Hence all the steps are the Encryptor's responsibility
unless otherwise specified.  Unless there is a good reason otherwise, I
wouldn't want the application to have the handle the serialization of XML
Elements and Content.

On a related topic, for non-XML data where we require the application to
do the serialization (because the Encryptor can't do arbitrary serialization),
does it make sense to allow the application to provide a hint in <EncryptedData>
how the the serialization was done?  I'm thinking of the receiving end,
where the Decryptor want's to de-serialize the data and wants to know how
the serialization was done.

Ed

-----------------------------------------------------------------------------------------------
Ed Simon
XMLsec Inc.

Interested in XML Security Training and Consulting services?  Visit "www.xmlsec.com".
Received on Wednesday, 19 September 2001 18:05:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:19 GMT