Re: Encryption Subset Scenario

From: Ed Simon <edsimon@xmlsec.com>
Date: Thu, 16 May 2002 08:34:43 -0400
Message-ID: <001501c1fcd6$0eb246d0$f2a0fea9@DJQC7111>
To: "Dournaee, Blake" <bdournaee@rsasecurity.com>, <xml-encryption@w3.org>
Cc: "Hammond, Ben" <bhammond@rsasecurity.com>

The appropriate solution, in accordance with XML Encryption, would be

<doc>
   <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'...>...</EncryptedData>
   <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'...>...</EncryptedData>
   <elem3> foo3 </elem3>
</doc>

I take it, by your note, you feel this solution is redundant.  Is this
because the elements are contiguous and you were going to use the same
encryption parameters for both elements anyway?

Ed

----- Original Message -----
From: "Dournaee, Blake" <bdournaee@rsasecurity.com>
To: <xml-encryption@w3.org>
Cc: "Hammond, Ben" <bhammond@rsasecurity.com>
Sent: Wednesday, May 15, 2002 3:35 PM
Subject: Encryption Subset Scenario


> All -
>
> Given an input Document D:
>
> <doc>
>   <elem1> foo1 </elem1>
>   <elem2> foo2 </elem2>
>   <elem3> foo3 </elem3>
> </doc>
>
> I want to encrypt just the first two child elements (<elem1> and <elem2>).
> This doesn't appear to fit the definition of
> Type='http://www.w3.org/2001/04/xmlenc#Element', which suggests a single
> element, or Type='http://www.w3.org/2001/04/xmlenc#Content'
> which suggests that all three elements must be encrypted (elem1, elem2 and
> elem3).
>
> Choosing to treat the first two elements as arbitrary plaintext also seems
> overkill, and if so, this ruins the XML semantics. I cannot
> treat it as text/xml, because this document subset is not well-formed.
> Treating it as text/plain loses all of the XML semantics.
>
> The obvious solution is to create two <EncryptedData> elements, but this is
> redundant. Another solution is an XPath transform, but this
> doesn't exist for XML Encryption.
>
> Am I missing something here? Is there an obvious solution to this? It seems
> like a simple case that might have been overlooked.
>
> Thanks,
>
> Blake Dournaee
> Toolkit Applications Engineer
> RSA Security
>
> "The only thing I know is that I know nothing" - Socrates
Received on Thursday, 16 May 2002 08:33:10 GMT
