Re: Why is Except limited to local fragments?

From: Takeshi Imamura <IMAMU@jp.ibm.com>
Date: Sat, 23 Mar 2002 04:07:47 +0900
To: reagle@w3.org
Cc: merlin <merlin@baltimore.ie>, "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>, xml-encryption@w3.org
Message-ID: <OF1AB2E0F8.3A3DB561-ON49256B84.006548E0@LocalDomain>

>> >> ... If the xenc:EncryptedData is not the first node in X, and its
>> >> type is neither &xenc;Element nor &xenc;Content, then it MUST
>> >> be the only xenc:EncryptedData in X not referenced by an Except
>> >> element. This prevents mixed decryption of XML and non-XML data,
>> >> and restricts the decryption transform to a single piece of
>> >> binary data at a time.
>> I support Merlin.  Actually his suggestion is what I intended in the
>> original text by "an xenc:EncryptedData element node being decrypted".
>> That is, EncryptedData element nodes referenced by Except elements can
>> appear anywhere in a node-set and should be ignored when checking if
>> restrictions on the Type attribute are satisfied.  This is not only the
>> case for non-XML EncryptedData element but the case for XML EncryptedData
>> element.
>
>The text now reads as follows, please propose further changes if necessary:
>
>http://www.w3.org/Encryption/2001/Drafts/xmlenc-decrypt
>$Revision: 1.36 $ on $Date: 2002/03/18 18:45:50 $ GMT by $Author: reagle $
>
>o If an xenc:EncryptedData being decrypted is the first node in X, the
>value of its Type attribute MUST NOT be &xenc;Content. This ensures the
>result is always rooted by a single element.

This ensures that if Type is Element, the result is a single-rooted
node-set, and otherwise, the result is binary data.

>If the xenc:EncryptedData is not the first node in X and its type is
>neither &xenc;Element nor &xenc;Content, then it MUST be the only
>xenc:EncryptedData in X not referenced by an Except element. This prevents
>the mixed decryption of XML and non-XML data and restricts the decryption
>transform to a single piece of binary data.

Sorry, I don't understand this.  In this case, after decryption, how are
nodes other than the EncryptedData element node and its descendant nodes
treated?  Are they thrown away?  If yes, it seems strange to me.  I would
like to propose text like "If an xenc:EncryptedData element node being
decrypted is not the first node in X, the value of its Type attribute MUST
be &xenc;Element or &xenc;Content.  This ensures that the result is always
a node-set."  How do you feel?

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com
Received on Friday, 22 March 2002 14:11:12 GMT
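
The two wordings of the second restriction discussed in this message, compared on one node-set. This is an added example, not part of the original message or of the specification. It assumes the node-set X can be modeled as an ordered list and that the first restriction is kept unchanged in the proposal; the names Node, check_draft, check_proposed and the Type value urn:example:binary are made up for illustration.

```python
from dataclasses import dataclass
from typing import Optional

XENC = "http://www.w3.org/2001/04/xmlenc#"
ELEMENT, CONTENT = XENC + "Element", XENC + "Content"
BINARY = "urn:example:binary"  # constructed non-XML Type value (assumption)


@dataclass
class Node:
    name: str                   # "xenc:EncryptedData" or any other node name
    id: Optional[str] = None    # Id that an Except element could reference
    type: Optional[str] = None  # Type attribute of an EncryptedData


def _targets(x, excepted):
    """(position, node) for each EncryptedData in X not referenced by an Except."""
    return [(i, n) for i, n in enumerate(x)
            if n.name == "xenc:EncryptedData" and n.id not in excepted]


def check_draft(x, excepted):
    """Restrictions as quoted from draft revision 1.36."""
    targets = _targets(x, excepted)
    errors = []
    for i, n in targets:
        if i == 0 and n.type == CONTENT:
            errors.append(f"{n.id}: first node in X must not be Content")
        if i != 0 and n.type not in (ELEMENT, CONTENT) and len(targets) > 1:
            errors.append(f"{n.id}: non-XML data must be the only one decrypted")
    return errors


def check_proposed(x, excepted):
    """Same first restriction, second one replaced by the wording proposed above."""
    errors = []
    for i, n in _targets(x, excepted):
        if i == 0 and n.type == CONTENT:
            errors.append(f"{n.id}: first node in X must not be Content")
        if i != 0 and n.type not in (ELEMENT, CONTENT):
            errors.append(f"{n.id}: non-first node must be Element or Content")
    return errors


# Constructed node-set: a root element, a binary EncryptedData, and an
# XML EncryptedData that an Except element excludes from decryption.
SAMPLE_X = [Node("doc:root"), Node("xenc:EncryptedData", "e1", BINARY),
            Node("xenc:EncryptedData", "e2", ELEMENT)]
SAMPLE_EXCEPT = {"e2"}
```

On SAMPLE_X the draft wording accepts e1 even though other nodes surround it, which is the case the message asks about, while the proposed wording rejects it.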