Re: Poll (Was: digest requirement)

On Thursday 27 September 2001 12:36 pm, merlin wrote:
> One flaw with [1] is that Reference URI="foo.xml#bar" is not valid.
> Rather, you need URI="foo.xml" followed by an XPath or XPointer transform
> to select the appropriate element.

Ok, so this makes it even uglier: if we do go for option 1 (removing 
Digest{Method/Value} from xenc), one would have to create a Signature with 
a Manifest, over those elements you may wish to partially reveal, and those 
references are going to look like:


  <Object>
    <Manifest Id="Manifest1">
      <Reference URI="foo.xml"> 
         <Transforms>
           <Transform
             Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
             <XPath>//*[@id="a"]</XPath>
           </Transform>
           <Transform
             Algorithm="http://www.w3.org/2001/04/xmlenc#decryption"/>
         </Transforms>
         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
         <DigestValue>aj6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue> 
      </Reference>
    ...

Yikes!


> However; I would vote for 1, and furthermore I would suggest that [1]
> with any necessary cleanup would be more appropriate as a separate
> informational document. I don't think it represents a core part of XML
> encryption syntax or processing.

Ok, well, given how ugly it is and your proposal that it be Informational, 
I'm presuming that you wouldn't bother regardless? While Amir has made the 
case for this functionality (and we debate about the best way), you simply 
don't even share the requirement?

Received on Thursday, 27 September 2001 16:59:55 UTC