
Re: Encryption Subset Scenario

From: Ed Simon <edsimon@xmlsec.com>
Date: Thu, 16 May 2002 14:52:14 -0400
Message-ID: <001d01c1fd0a$cb7b72d0$f2a0fea9@DJQC7111>
To: "Dournaee, Blake" <bdournaee@rsasecurity.com>, <xml-encryption@w3.org>
Cc: "Hammond, Ben" <bhammond@rsasecurity.com>

Yes, the way I suggested was application-specific (not interoperable) but I
was assuming the scenario was considered application-specific.

One early design principle of XML Encryption was that unless a strong,
convincing case (e.g. real apps demand it) could be made for supporting an
encryption scenario, supporting that scenario would NOT become a
requirement.  You could say that the unwritten rule is that uncommon
scenarios are to be handled by scenario-specific approaches such as the one
I suggested.

Regards, Ed

----- Original Message -----
From: "Ed Simon" <edsimon@xmlsec.com>
To: "Dournaee, Blake" <bdournaee@rsasecurity.com>; <xml-encryption@w3.org>
Cc: "Hammond, Ben" <bhammond@rsasecurity.com>
Sent: Thursday, May 16, 2002 8:34 AM
Subject: Re: Encryption Subset Scenario


> The appropriate solution, in accordance with XML Encryption, would be
>
> <doc>
>    <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'...>...</EncryptedData>
>    <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'...>...</EncryptedData>
>    <elem3> foo3 </elem3>
> </doc>
>
> I take it, by your note, you feel this solution is redundant.  Is this
> because the elements are contiguous and you were going to use the same
> encryption parameters for both elements anyway?
>
> Ed
>
> ----- Original Message -----
> From: "Dournaee, Blake" <bdournaee@rsasecurity.com>
> To: <xml-encryption@w3.org>
> Cc: "Hammond, Ben" <bhammond@rsasecurity.com>
> Sent: Wednesday, May 15, 2002 3:35 PM
> Subject: Encryption Subset Scenario
>
>
> > All -
> >
> > Given an input Document D:
> >
> > <doc>
> >   <elem1> foo1 </elem1>
> >   <elem2> foo2 </elem2>
> >   <elem3> foo3 </elem3>
> > </doc>
> >
> > I want to encrypt just the first two child elements (<elem1> and
> > <elem2>). This doesn't appear to fit the definition of
> > Type='http://www.w3.org/2001/04/xmlenc#Element', which suggests a single
> > element, or Type='http://www.w3.org/2001/04/xmlenc#Content'
> > which suggests that all three elements must be encrypted (elem1, elem2
> > and elem3).
> >
> > Choosing to treat the first two elements as arbitrary plaintext also
> > seems overkill, and if so, this ruins the XML semantics. I cannot
> > treat it as text/xml, because this document subset is not well-formed.
> > Treating it as text/plain loses all of the XML semantics.
> >
> > The obvious solution is to create two <EncryptedData> elements, but this
> > is redundant. Another solution is an XPath transform, but this
> > doesn't exist for XML Encryption.
> >
> > Am I missing something here? Is there an obvious solution to this? It
> > seems like a simple case that might have been overlooked.
> >
> > Thanks,
> >
> > Blake Dournaee
> > Toolkit Applications Engineer
> > RSA Security
> >
> > "The only thing I know is that I know nothing" - Socrates
> >
Received on Thursday, 16 May 2002 14:50:41 GMT
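
The per-element approach discussed in this thread (one EncryptedData of Type ...#Element for each encrypted child, with elem3 left in the clear), as an added Python example that is not part of the original messages. The function names and the `encrypt`/`decrypt` callbacks are assumptions of this example, and `standin` is a constructed placeholder, not a cipher.

```python
import base64
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
ED_TAG = f"{{{XENC}}}EncryptedData"
ET.register_namespace("xenc", XENC)

# Document D from the thread.
SAMPLE = "<doc>\n  <elem1> foo1 </elem1>\n  <elem2> foo2 </elem2>\n  <elem3> foo3 </elem3>\n</doc>"

def standin(data: bytes) -> bytes:
    """Constructed placeholder, NOT a cipher: reverses the bytes so the example
    runs offline. Replace with calls into a vetted crypto library."""
    return data[::-1]

def encrypt_children(parent, names, encrypt):
    """Replace each child whose tag is in `names` with its own EncryptedData
    of Type ...#Element; siblings not named stay in plaintext."""
    for i, child in enumerate(list(parent)):
        if child.tag not in names:
            continue
        # Whitespace after the element belongs to the parent, not the plaintext.
        tail, child.tail = child.tail, None
        ed = ET.Element(ED_TAG, {"Type": XENC + "Element"})
        # EncryptionMethod and KeyInfo (both optional) are omitted here.
        cd = ET.SubElement(ed, f"{{{XENC}}}CipherData")
        cv = ET.SubElement(cd, f"{{{XENC}}}CipherValue")
        cv.text = base64.b64encode(encrypt(ET.tostring(child))).decode("ascii")
        ed.tail = tail
        parent[i] = ed
    return parent

def decrypt_children(parent, decrypt):
    """Swap every EncryptedData child back for the element it carries."""
    for i, child in enumerate(list(parent)):
        if child.tag != ED_TAG:
            continue
        cv = child.find(f"{{{XENC}}}CipherData/{{{XENC}}}CipherValue")
        plain = ET.fromstring(decrypt(base64.b64decode(cv.text)))
        plain.tail = child.tail
        parent[i] = plain
    return parent

if __name__ == "__main__":
    doc = encrypt_children(ET.fromstring(SAMPLE), {"elem1", "elem2"}, standin)
    print(ET.tostring(doc, encoding="unicode"))
```

Each EncryptedData carries exactly one serialized element, so a recipient can decrypt and splice back one child without touching its siblings.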
