- From: Scott Cantor <cantor.2@osu.edu>
- Date: Wed, 30 Dec 2009 11:10:10 -0500
- To: "'Frederick Hirsch'" <frederick.hirsch@nokia.com>, "'ext Thomas Roessler'" <tlr@w3.org>
- Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>, "'Carine Bournez'" <carine@w3.org>
Frederick Hirsch wrote on 2009-12-30:

> It seems that replacing an element with an EncryptedData element is a
> core concept of the specification and should be normatively specified
> - currently there is a SHOULD in the specification.

You really can't normatively dictate to other schemas how they should incorporate encryption. The mechanism you suggest, for example, means that every element in a schema that wants to allow for encrypting itself would end up being replaced with a generic element (EncryptedData). That's not terribly easy to specify. It certainly isn't how SAML did it.

At most, you might provide advisory material about different ways of doing it, but the most obvious (straight replacement) actually isn't all that common that I've seen, because most of the time you want some indication of what the original element was from the perspective of the decrypting party. So Foo might become EncryptedFoo with EncryptedData inside it.

-- Scott
Received on Wednesday, 30 December 2009 16:10:45 UTC
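Added example (not part of Scott's post or of any W3C or SAML specification text) contrasting the two schema patterns the reply describes: straight replacement of an element by a generic xenc:EncryptedData, versus SAML's EncryptedAssertion wrapper, and what each leaves visible to the decrypting party before decryption. The xenc Type URI and SAML 2.0 namespace are the real ones; the CipherValue is a constructed placeholder, so no cryptography is performed.

```python
# Added example: element-level structure only; the ciphertext is a constructed stand-in.
import xml.etree.ElementTree as ET
from typing import Optional, Tuple

XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC_ELEMENT = XENC + "Element"                  # xenc Type URI for an encrypted element
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"  # SAML 2.0 assertion namespace
PLACEHOLDER_CIPHERTEXT = "Q09OU1RSVUNURUQ="     # constructed placeholder, not real ciphertext


def make_encrypted_data() -> ET.Element:
    """Build a minimal xenc:EncryptedData carrying the placeholder CipherValue."""
    enc = ET.Element(f"{{{XENC}}}EncryptedData", Type=XENC_ELEMENT)
    cipher_data = ET.SubElement(enc, f"{{{XENC}}}CipherData")
    ET.SubElement(cipher_data, f"{{{XENC}}}CipherValue").text = PLACEHOLDER_CIPHERTEXT
    return enc


def straight_replacement(parent: ET.Element, child: ET.Element) -> None:
    """Pattern 1: Foo is replaced in place by a generic xenc:EncryptedData."""
    idx = list(parent).index(child)
    parent.remove(child)
    parent.insert(idx, make_encrypted_data())


def wrapped_replacement(parent: ET.Element, child: ET.Element, wrapper_tag: str) -> None:
    """Pattern 2 (what SAML does): Foo becomes EncryptedFoo with EncryptedData inside."""
    idx = list(parent).index(child)
    parent.remove(child)
    wrapper = ET.Element(wrapper_tag)
    wrapper.append(make_encrypted_data())
    parent.insert(idx, wrapper)


def original_type_hint(elem: ET.Element) -> Optional[str]:
    """What the decrypting party can tell about the original element before decrypting.

    A bare xenc:EncryptedData only says "some element" via its Type attribute, so the
    original name is gone and must come from context; an Encrypted<Foo> wrapper names it."""
    local = elem.tag.rpartition("}")[2]
    if elem.tag == f"{{{XENC}}}EncryptedData":
        return None
    if local.startswith("Encrypted") and elem.find(f"{{{XENC}}}EncryptedData") is not None:
        return local[len("Encrypted"):]
    return local  # not encrypted at all


def demo() -> Tuple[Optional[str], Optional[str]]:
    """Constructed document with two Assertions, one encrypted each way."""
    root = ET.Element("Response")
    first = ET.SubElement(root, f"{{{SAML}}}Assertion", ID="a1")
    second = ET.SubElement(root, f"{{{SAML}}}Assertion", ID="a2")
    straight_replacement(root, first)
    wrapped_replacement(root, second, f"{{{SAML}}}EncryptedAssertion")
    return original_type_hint(root[0]), original_type_hint(root[1])
```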