W3C home > Mailing lists > Public > xml-encryption@w3.org > May 2002

Re: Encryption Subset Scenario

From: Jiandong Guo <jguo@phaos.com>
Date: Thu, 16 May 2002 10:17:52 -0400
Message-ID: <3CE3BF90.4DCBD651@phaos.com>
To: "Dournaee, Blake" <bdournaee@rsasecurity.com>
CC: xml-encryption@w3.org, "Hammond, Ben" <bhammond@rsasecurity.com>, edsimom@xmlsec.com


"Dournaee, Blake" wrote:

> All -
>
> Given an input Document D:
>
> <doc>
>   <elem1> foo1 </elem1>
>   <elem2> foo2 </elem2>
>   <elem3> foo3 </elem3>
> </doc>
>
> I want to encrypt just the first two child elements (<elem1> and <elem2>).
> This doesn't appear to fit the definition of
> Type='http://www.w3.org/2001/04/xmlenc#Element', which suggests a single
> element, or Type='http://www.w3.org/20001/04/xmlenc#Content'
> which suggests that all three elements must be encrypted (elem1, elem2 and
> elem3).
>
> Choosing to treat the first two elements as arbitrary plaintext also seems
> overkill, and if so, this ruins the XML semantics. I cannot
> treat it as text/xml, because this document subset is not well-formed.
> Treating it as text/plain looses all of the XML semantics.
>
> The obvious solution is to create two <EncryptedData> elements, but this is
> redundant. Another solution is an XPath transform, but this
> doesn't exist for XML Encryption.
>
> Am I missing something here? Is there an obvious solution to this? It seems
> like a simple case that might have been overlooked.

If you want to encrypt two elements in one EncryptedData, the question is
that how do you handle the "replace" process in encryption and later in
decryption,
considering there could have other nodes (text nodes or other elements) between

these two elements?

-----------------------------------------
Jiandong Guo
Phaos Technology
www.phaos.com
Received on Thursday, 16 May 2002 10:13:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:21 GMT