Fwd: Re: Encrypted Node URI and NodeType

There's a fair amount of discussion on XML Encryption on a public list and 
I'm forwarding a proposal I made in that forum [1] below. It is likely we 
will need some syntax for describing the XML Information Item that is now 
encrypted. Based on conversations with DanC and RalphS I proposed an 
approach that uses an XML serialization of the RDFS in the Infoset spec. Of 
course, there is no XML schema for that instance, but I think it'd be a good 
idea. I encourage any of the folks here that are interested in that topic or 
XML Encryption to have a look at the list. This is not a W3C activity 
(though it might be some day) but a body of requirements and syntax 
proposals are being discussed and could benefit from those interested in the 
data model and information set behind any particular XML serialization.

[1] http://lists.w3.org/Archives/Public/xml-encryption/
[2] http://www.w3.org/TR/xml-infoset#rdfschema

Forwarded Text ----
>Date: Thu, 31 Aug 2000 16:35:23 -0400
>To: "Takeshi Imamura" <IMAMU@jp.ibm.com>,
>         John Cowan <jcowan@reutershealth.com>,
>         Ed Simon <ed.simon@entrust.com>
>From: "Joseph M. Reagle Jr." <reagle@w3.org>
>Cc: "Public XML Encryption List" <xml-encryption@w3.org>
>In-Reply-To: <4925694C.000B6197.00@d22mta13.yamato.ibm.com>
>Subject: Re: Encrypted Node URI and NodeType
>
>At 11:02 8/31/2000 +0900, Takeshi Imamura wrote:
>>Ed's proposal also targets a whole attribute (i.e., name and value pair) and
>>only a value of an attribute.  How does your idea work for them?
>
>Ok, so we are encrypting a piece of XML and we need to identify what we've 
>encrypted. In Information Set speak, you are identifying not only the Item, 
>but its normalized value property. [1] I don't think there is a single URI 
>for identifying an Item and its property, such as:
>         http://www.w3.org/2000/07/infoset#Attribute.NormalizedValue
>
>We could add another piece of syntax:
>
><EncryptedNode xmlns="http://www.w3.org/2001/03/Encryption"
>     Location="."
>     InformationSetItem="http://www.w3.org/2000/07/infoset#Element"
>     InformationSetProperty="http://www.w3.org/2000/07/infoset#normalizedValue"
>     EncryptionInfo="#encryptionInfo23">
>     (Base64 of encrypted Element node)
></EncryptedNode>
>
>But is that attribute an IDREF or a URI, so you could add another URI such 
>as:
>
>InformationSetAttributeType="http://www.w3.org/2000/07/infoset#AttributeType.IDREF"
>
>But this could quickly get annoying and the Information Set spec 
>fortunately provides a whole schema that defines the relationship of these 
>things to each other! Consequently (though this is the thing I said I 
>wanted to think more about) we could adopt something like the following 
>where I've encrypted the CDATA value of the 'author' attribute:
>
><EncryptedNode>
><infoset:Attribute xmlns:infoset="http://www.w3.org/2000/07/infoset#">
>   <infoset:normalizedValue resource="#foo"/>
>   <infoset:localName resource="author"/>
>   <infoset:namespaceName resource="bib:"/>
>   <infoset:attributeType resource="infoset:AttributeType.CDATA"/>
></infoset:Attribute>
><Data Id="foo">alkdjab2o3498salkjvblkajb9872398</Data>
></EncryptedNode>
>
>Note that normalizedValue resource="#foo" identifies the thing that was 
>actually encrypted. This would allow me to do nifty partial encryptions of 
>portions of an InformationSet Item rather compactly:
>
><EncryptedNode>
><infoset:Attribute xmlns:infoset="http://www.w3.org/2000/07/infoset#">
>   <infoset:normalizedValue resource="#foo"/>
>   <infoset:localName resource="#bar"/>
></infoset:Attribute>
><Data Id="foo">alkdjab2o3498salkjvblkajb9872398</Data>
><Data Id="bar">alkdjab2o3498salkjvblkajb9872398</Data>
></EncryptedNode>
>
>Now I'm not convinced I'm using the InformationSet properly here (as an 
>Attribute is actually a member of AttributeSet (an easy way to encrypt the 
>whole attribute set!)). John, do you expect InformationSet to provide an XML 
>Schema for explicit representations?
>
>[1] http://www.w3.org/TR/2000/WD-xml-infoset-20000726
>
>
>
>>From: "Takeshi Imamura" <IMAMU@jp.ibm.com>
>>To: "Joseph M. Reagle Jr." <reagle@w3.org>
>>cc: Ed Simon <ed.simon@entrust.com>,
>>         "Public XML Encryption List" <xml-encryption@w3.org>
>>Message-ID: <4925694C.000B6197.00@d22mta13.yamato.ibm.com>
>>Date: Thu, 31 Aug 2000 11:02:50 +0900
>>Subject: Re: Encrypted Node URI and NodeType
>>
>>Joseph,
>>
>>Ed's proposal also targets a whole attribute (i.e., name and value pair) and
>>only a value of an attribute.  How does your idea work for them?
>>
>>Thanks,
>>Takeshi IMAMURA
>>Tokyo Research Laboratory
>>IBM Japan, Ltd.
>>E-mail: imamu@jp.ibm.com
>>
>>
>>
>>From: "Joseph M. Reagle Jr." <reagle@w3.org> on 2000/08/31 02:25 AM
>>
>>To:   Ed Simon <ed.simon@entrust.com>
>>cc:   "Public XML Encryption List" <xml-encryption@w3.org>, swick@w3.org,
>>       Dan Connolly <connolly@w3.org> (bcc: Takeshi Imamura/Japan/IBM)
>>Subject:  Encrypted Node URI and NodeType
>>
>>
>>
>>
>>Ed,
>>
>>As stated after the Crypto BoF, in your proposal [1] I recommend you break
>>up your NodeType into a location (location of the EncryptedNode's encrypted
>>serialization -- if not present in the element content) and NodeType (the
>>URIs of the Information Set item provided by [2]). Instead of
>>
>><!-- "." indicates the <EncryptedNode> element is right
>>     where the original unencrypted element was -->
>><EncryptedNode xmlns="http://www.w3.org/2001/03/Encryption"
>>     NodeType="."
>>     EncryptionInfo="#encryptionInfo23">
>>     (Base64 of encrypted Element node)
>></EncryptedNode>
>>
>>this:
>>
>><EncryptedNode xmlns="http://www.w3.org/2001/03/Encryption"
>>     Location="."
>>     InformationSetItem="http://www.w3.org/2000/07/infoset#Element"
>>     EncryptionInfo="#encryptionInfo23">
>>     (Base64 of encrypted Element node)
>></EncryptedNode>
>>
>>Furthermore, if Location is intended to be a URI the "." hack/syntax for the
>>present node will probably be problematic. I'm presently scratching my head
>>about the best structure/relation of these things to each other (describing
>>Information Set Items/Nodes in the context of a serialized Information Set
>>Items/Nodes where both instances have a relationship to each other...)
>>Hopefully I'll post more within the week.
>>
>>[1]
>>http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/att-0001/01-xmlenc
>>overview.html
>>[2] http://www.w3.org/TR/2000/WD-xml-infoset-20000726
>>
>>_________________________________________________________
>>Joseph Reagle Jr.
>>W3C Policy Analyst                mailto:reagle@w3.org
>>IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
>
>
>_________________________________________________________
>Joseph Reagle Jr.
>W3C Policy Analyst                mailto:reagle@w3.org
>IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
End Forwarded Text ----

_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Wednesday, 6 September 2000 17:09:50 UTC
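
Added example, not part of the original thread or of any XML Encryption specification: a reader for the infoset-descriptor form proposed in the forwarded message, reporting which properties of the described item were encrypted (a `#id` reference that resolves to a `Data` element) and which were left in the clear. The function name, the constructed sample and its placeholder payloads are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

INFOSET = "http://www.w3.org/2000/07/infoset#"

# Constructed sample following the partial-encryption form in the message,
# made well-formed; the Data payloads are placeholders, not real ciphertext.
SAMPLE = """\
<EncryptedNode>
  <infoset:Attribute xmlns:infoset="http://www.w3.org/2000/07/infoset#">
    <infoset:normalizedValue resource="#foo"/>
    <infoset:localName resource="#bar"/>
    <infoset:namespaceName resource="bib:"/>
  </infoset:Attribute>
  <Data Id="foo">PLACEHOLDER-CIPHERTEXT-1</Data>
  <Data Id="bar">PLACEHOLDER-CIPHERTEXT-2</Data>
</EncryptedNode>
"""

def describe_encrypted_node(xml_text):
    """Return (item_kind, {property: ("encrypted", payload) | ("clear", value)}).

    Raises ValueError on a dangling '#id' reference or a duplicate Data Id,
    either of which leaves it ambiguous what was actually encrypted.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "EncryptedNode":
        raise ValueError("not an EncryptedNode")
    data = {}
    for d in root.findall("Data"):
        ident = d.get("Id")
        if ident is None or ident in data:
            raise ValueError(f"missing or duplicate Data Id: {ident!r}")
        data[ident] = (d.text or "").strip()
    # Exactly one child in the infoset namespace describes the encrypted item.
    items = [c for c in root if c.tag.startswith("{" + INFOSET + "}")]
    if len(items) != 1:
        raise ValueError("expected exactly one infoset item descriptor")
    props = {}
    for p in items[0]:
        name = p.tag.rsplit("}", 1)[-1]
        ref = p.get("resource", "")
        if ref.startswith("#"):          # fragment reference into this node
            if ref[1:] not in data:
                raise ValueError(f"{name} refers to missing Data {ref!r}")
            props[name] = ("encrypted", data[ref[1:]])
        else:                            # value carried in the clear
            props[name] = ("clear", ref)
    return items[0].tag.rsplit("}", 1)[-1], props
```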