- From: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>
- Date: Mon, 25 Feb 2002 12:15:57 -0500
- To: "'www-xenc-xmlp-tf'" <www-xenc-xmlp-tf@w3.org>, "'xml-dist-app'" <xml-dist-app@w3.org>, "'xml-encryption'" <xml-encryption@w3.org>
- Cc: david.orchard@bea.com, noah_mendelsohn@us.ibm.com, "'Christopher Ferris'" <chris.ferris@sun.com>
I am generally in agreement with Chris. If there is a desire to provide a hint as to what the decrypted content will be of a MIME Content-Type labeled xenc:EncryptedData element, one possibility would be to allow an optional parameter. Something like Content-type: application/xenc+xml; decrypted-content="soap:Envelope xmlns:soap='...'" or perhaps Content-type: application/xenc+xml; decrypted-namespace="..."; decrypted-root="Envelope" I'm not sure how often one would want a different decyrptor (or a standard decryptor acting is a different way) depending on the type of decrypted content but if you did, I would think you could sometimes tell what decyrptor you wanted to use based just on the namespace of the decrypted content. If there is a consensus to allow the parts of a SOAP message to be separately encrypted where this is currently prohibited by the SOAP schema, the SOAP schema can be liberalized to permit this. If you want to encrypt parts of a SOAP message in a way fitting into the current SOAP processing flow, directed by header blocks, I don't see a problem. Donald -----Original Message----- From: Christopher Ferris [mailto:chris.ferris@sun.com] Sent: Thursday, February 21, 2002 11:15 AM To: noah_mendelsohn@us.ibm.com Cc: david.orchard@bea.com; reagle@w3.org; 'www-xenc-xmlp-tf'; 'xml-dist-app'; 'xml-encryption' Subject: Re: XMLP/XMLE Use cases and processing models +1 In fact, IMO, the proper way to encrypt the *entire* envelope would be: <xenc:EncryptedData xmlns:xenc="...">...</xenc:EncryptedData> and *this* would be conveyed via the underlying transport with the media type being requested for encrypted document (application/encrypted or whatever) and thus be dispatched NOT to a SOAP processor but to a decyphering processor. Once the decryption has been effected, then, based on the top-level element (SOAP:Envelope xmlns:SOAP="...") the resultant document could be dispatched to a SOAP processor and its media type would then be application/soap+xml (or whatever we end up using). At present, we also have constraints on our SOAP1.2 schema which stipulate that a SOAP Envelope have exactly one Body element information item which means that it is not possible to encrypt the Body element itself, only its content. In addition, we preclude any other elements as direct children of the Envelope save the Header element which may be present at most once. Thus, it isn't possible to encrypt the Header element itself, only its content. Anything else would be an invalid SOAP message document w/r/t the SOAP1.2 specification. My 0.02 USD, Chris noah_mendelsohn@us.ibm.com wrote: > David Orchard writes: > > >>>Imagine I took a SOAP document and encrypted a big chunk of it,ie: >>> > >>><soap:envelope> >>> <xenc:encrypteddata>...</xenc:encrypteddata> >>></soap:envelope>. >>> > >>>Again, this is not changing the SOAP spec in any way. >>> > > I beg to differ. The envelope you show is assuredly not legal SOAP. I > would recommend against anyone using this idiom. > > There are of course an unbounded number of ways that one might consider > sending a message that conveys: "I'll tell you that this is a SOAP > envelope, but the contents of this entire envelope are encrypted." I > think that's what the above is trying to convey. I suggest that the > example above is not a particularly good use of XML, Namespaces (it > violates the definition of soap:envelope) or SOAP (it's surely illegal > SOAP.) SOAP provides mechanisms which are reasonably carefully crafted to > achieve what you want, in a much more controlled and namespace-compatible > manner. I suggest we focus on those, and design MIME types accordingly. > Thank you! > > ------------------------------------------------------------------ > Noah Mendelsohn Voice: 1-617-693-4036 > IBM Corporation Fax: 1-617-693-8676 > One Rogers Street > Cambridge, MA 02142 > ------------------------------------------------------------------ > > > > > > > > "David Orchard" <david.orchard@bea.com> > 02/20/2002 12:38 AM > > > To: <reagle@w3.org>, Noah Mendelsohn/Cambridge/IBM@Lotus > cc: "'www-xenc-xmlp-tf'" <www-xenc-xmlp-tf@w3.org>, "'xml-dist-app'" > <xml-dist-app@w3.org>, "'xml-encryption'" <xml-encryption@w3.org> > Subject: RE: XMLP/XMLE Use cases and processing models > > > Joseph, > > I'm not suggesting that XMLE try to automatically make pre-existing > applications XML Encryption aware. I don't follow how you get that > extraordinary claim. I'm suggesting that documents have content-type of > application/xenc+xml for documents containing XMLE where XMLE decryption > MUST be done to interpret the contents according to the namespace names > within. > > Imagine I took a SOAP document and encrypted a big chunk of it,ie > <soap:envelope><xenc:encrypteddata>...</xenc:encrypteddata></soap:envelope>. > The SOAP processor knows nothing about the soap document as encryption > happened "afterwards". When such a document was sent, decryption would be > required first. After decryption, then a SOAP processor would know what > to > do with it. While this particular document is encrypted, it is NOT a SOAP > document as per the soap namespace name nor media type. > > Making such a document have a media-type of application/xenc+xml ensures > that the document can be dispatched to the correct piece of software, > which > you can't do if it has media-type application/soap. > > Again, this is not changing the SOAP spec in any way. > > Cheers, > Dave > > >>-----Original Message----- >>From: Joseph Reagle [mailto:reagle@w3.org] >>Sent: Tuesday, February 19, 2002 10:43 AM >>To: noah_mendelsohn@us.ibm.com; david.orchard@bea.com >>Cc: 'www-xenc-xmlp-tf'; 'xml-dist-app'; 'xml-encryption' >>Subject: Re: XMLP/XMLE Use cases and processing models >> >> >> >>Exactly. Applications which use to use XML Encryption or >>otherwise expect >>to have elements from other namespaces need to be savvy about >>what they >>want to do (e.g., encrypt the content of a SOAP:Header) and >>how they want >>to do it (e.g., write a flexible, create a new namespace ,etc.) >>Applications that haven't done this might have to take some >>other steps >>which won't as easy and straightforward but it's their call. >>There's no >>solution that automatically makes all pre-existing XML >>applications XML >>encryption aware or capable in every possible scenario -- >>like encryption >>the SOAP header itself. >> >>On Monday 18 February 2002 20:21, noah_mendelsohn@us.ibm.com wrote: >> >>>which is indeed not valid SOAP, suggesting the need for a >>> >>new media type. >> >>>But... that's not how you would use SOAP IMO. I suggest instead: >>> >>> <SOAP:Envelope xmlns:soap="..." > >>> <SOAP:Header> >>> <xenc:EncryptedData xmlns:xenc="..." >>> SOAP:mustUnderstand="true" >>> SOAP:role="decryptingIntermediary"> >>> ... >>> </xenc:EncryptedData> >>> </SOAP:Header> >>> <SOAP:Body> >>> ...leave empty or put dummy element here >>> ...if you don't want unencrypted data >>> </SOAP:Envelope> >>> >>-- >> >>Joseph Reagle Jr. http://www.w3.org/People/Reagle/ >>W3C Policy Analyst mailto:reagle@w3.org >>IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ >>W3C XML Encryption Chair http://www.w3.org/Encryption/2001/ >> >> > > > >
Received on Monday, 25 February 2002 12:16:09 UTC