- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Fri, 2 Oct 2009 08:13:31 -0400
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
I took an action, ACTION-374, to review ISSUE-135, to clarify the intent of this issue related to Transforms in XML Encryption.

Reviewing the minutes, it is clear this was raised when discussing how to align XML Signature 1.1 and XML Encryption 1.1. From the minutes (see below and in the issue) I think the issue can be stated as follows:

1. The XML Encryption CipherReference element supports an optional Transforms child element (from the encryption namespace) that can contain 1 or more Transform children.

2. The XML Encryption Algorithms section has no mention of transforms. This is inconsistent with XML Signature 1.1, that has a section on Transform Algorithms in the algorithm section: http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-TransformAlg

3. The question raised by the issue is: Should XML Encryption have a sub-section in the Algorithms section for transforms?

Proposal:

I suggest the answer is "no", because the specification states in the CipherReference section:

"The syntax of the URI and Transforms is similar to that of [XML-DSIG]. However, there is a difference between signature and encryption processing."

By making the following change we could make it clear that the transforms are defined in XML-DSIG, hence no need for repeating the information in XML Encryption:

"The syntax of the URI and Transforms is defined in XML Signature [XML-DSIG], however XML Encryption places the Transforms element in the XML Encryption namespace since it is used in XML Encryption to obtain an octet stream for decryption."

It isn't obvious why a different namespace was needed, even though the transforms are here used to obtain the octets to decrypt (but that was an earlier decision).

I've created a new issue to look at the impact of 2.0 transforms on XML Encryption, ISSUE-146.
regards, Frederick

Frederick Hirsch
Nokia

Raised during June 2009 F2F on topic of aligning 1.1 XML Signature and XML Encryption

From minutes: http://lists.w3.org/Archives/Member/member-xmlsec/2009Jun/att-0009/09-xmlsec-minutes.html#item07

<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-CipherReference
Magnus: nothing in particular in mind ... we don't have a transform element, should there be one?
<fjh> "The syntax of the URI and Transforms is similar to that of"
Frederick: may need to review this more
<fjh> issue: review transforms for encryption
<trackbot> Created ISSUE-135 - Review transforms for encryption ; please complete additional details at http://www.w3.org/2008/xmlsec/track/issues/135/edit .

Mail from Magnus stated: http://lists.w3.org/Archives/Public/public-xmlsec/2009May/0054.html

- XMLEnc does not mention transform algorithms (but should probably given the CipherReference type, see XMLEnc Section 3.3.1). If the group agrees that it should, I guess the same normative statements as are in XMLDsig 1.1 with regards to transforms should apply?
Received on Friday, 2 October 2009 12:14:25 UTC
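An added example, not part of the original message or of either specification: a Python check of the namespace layout the message describes, with the Transforms wrapper in the XML Encryption namespace and each Transform child in the XML-DSIG namespace. The function name and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"   # XML Encryption namespace
DSIG = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace

# Constructed sample document (not taken from the message).
SAMPLE = f"""
<xenc:CipherData xmlns:xenc="{XENC}" xmlns:ds="{DSIG}">
  <xenc:CipherReference URI="http://www.example.com/CipherValues.xml">
    <xenc:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
        <ds:XPath xmlns:rep="http://www.example.org/repository">self::text()[parent::rep:CipherValue[@Id="example1"]]</ds:XPath>
      </ds:Transform>
      <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>
    </xenc:Transforms>
  </xenc:CipherReference>
</xenc:CipherData>
"""

def cipher_reference_transforms(xml_text):
    """Return (URI, [Transform algorithm URIs in document order]).

    Hypothetical helper. Raises ValueError when the layout differs from the
    one described: xenc:Transforms wrapping one or more ds:Transform elements.
    """
    root = ET.fromstring(xml_text.strip())
    ref_tag = f"{{{XENC}}}CipherReference"
    ref = root if root.tag == ref_tag else root.find(f".//{ref_tag}")
    if ref is None:
        raise ValueError("no xenc:CipherReference found")
    if ref.find(f"{{{DSIG}}}Transforms") is not None:
        raise ValueError("Transforms is in the XML-DSIG namespace, expected XML Encryption")
    wrapper = ref.find(f"{{{XENC}}}Transforms")
    if wrapper is None:
        return ref.get("URI"), []  # the Transforms child is optional
    algorithms = []
    for child in wrapper:
        if child.tag != f"{{{DSIG}}}Transform":
            raise ValueError(f"unexpected child {child.tag}, expected ds:Transform")
        algorithm = child.get("Algorithm")
        if not algorithm:
            raise ValueError("ds:Transform without an Algorithm attribute")
        algorithms.append(algorithm)
    if not algorithms:
        raise ValueError("Transforms must contain 1 or more Transform children")
    return ref.get("URI"), algorithms

if __name__ == "__main__":
    print(cipher_reference_transforms(SAMPLE))
```

The algorithm URIs returned are the identifiers whose definitions live in XML Signature, which is why the proposal sees no need to repeat them in the XML Encryption Algorithms section.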