Re: serialization and xml wrapping from merlin on 2002-09-26 (xml-encryption@w3.org from September 2002)

From: merlin <merlin@baltimore.ie>
Date: Thu, 26 Sep 2002 20:18:08 +0100
To: "Ari Kermaier" <arik@phaos.com>
Cc: "W3C XML-ENC WG List" <xml-encryption@w3.org>
Message-Id: <20020926191808.3D2F743C14@yog-sothoth.ie.baltimore.com>

Hi Ari,

I think the text is a little but confusing; but the general gist
is the following:

[2] implicitly recommends using canonicalization to preserve
namespace information, so the ciphertext can be decrypted
in a new context. If you follow this recommendation, you
should emit xmlns="" where you usually wouldn't (at the top
of the document).

However, the wrapping of [1] is done to support the case where
people _don't_ use canonicalization, but instead expect to
inherit namespace information from the surrounding document.

So, the example doesn't follow our implicit recommendation
of using c14n, but instead relies on inheriting namespace
information from the surrounding document.

Does this make sense?

Merlin

r/arik@phaos.com/2002.09.20/16:46:21
>
>Dear All,
>
>I'm confused about the rules for augmenting/wrapping/parsing decrypted XML
>in XML Encryption and Decryption Transform. Given the example from [1]:
>
><!DOCTYPE Document [
>  <!ENTITY dsig "http://www.w3.org/2000/09/xmldsig#">
>]>
><Document xmlns="http://example.org/">
>  <foo:Body xmlns:foo="http://example.org/foo">
>    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
>                   Type="http://www.w3.org/2001/04/xmlenc#Element">
>      ...
>    </EncryptedData>
>  </foo:Body>
></Document>
>
>Where the EncryptedData element decrypts to:
>
><One><foo:Two/></One>
>
>The text gives the following as the correct result:
>
><!DOCTYPE dummy [
>  <!ENTITY dsig "http://www.w3.org/2000/09/xmldsig#">
>]>
><dummy xmlns="http://example.org/"
>       xmlns:foo="http://example.org/foo"><One><foo:Two/></One></dummy>
>
>However, [2] indicates that <Foo/> parsed in the context of:
>
><Bar xmlns="http://example.org/bar"/>
>
>Should be augmented to produce:
>
><Bar xmlns="http://example.org/bar"><Foo xmlns="" /></Bar>
>
>Wouldn't this mean that the example from [1] should give the result as:
>
><!DOCTYPE dummy [
>  <!ENTITY dsig "http://www.w3.org/2000/09/xmldsig#">
>]>
><dummy xmlns="http://example.org/"
>       xmlns:foo="http://example.org/foo"><One
>xmlns=""><foo:Two/></One></dummy>
>
>But this doesn't make sense to me, since the point of giving the parsing
>context to the dummy element is to make sure that inherited namespaces *are*
>transmitted to the wrapped XML.
>
>Further: [3] indicates, for Step 2 of  decryptXML(N, E), that: "A namespace
>declaration xmlns="" MUST be emitted with every apex element that has no
>namespace prefix and URI as described in Serializing XML [XML-Encryption,
>section 4.3.3]". Firstly, we're talking about the apex elements in a
>node-set, which might include namespace nodes for the default namespace
>inherited from the dummy element in prior wrapping/parsing -- this means
>that an element without a namespace prefix is not necessarily without a
>namespace, and emitting xmlns="" would conflict with emission of the
>namespace node in the node-set.
>
>What am I missing?
>
>Thanks,
>Ari Kermaier
>
>-----------------
>[1]  http://www.w3.org/TR/xmlenc-core/#sec-Text-Wrapping
>[2]  http://www.w3.org/TR/xmlenc-core/#sec-Serializing-XML
>[3]
>http://www.w3.org/Encryption/2001/Drafts/xmlenc-decrypt.html#sec-xml-process
>ing
>

Received on Thursday, 26 September 2002 15:18:40 UTC