Re: Serialization and canonicalization from Hiroshi Maruyama on 2000-11-17 (xml-encryption@w3.org from November 2000)

From: Hiroshi Maruyama <MARUYAMA@jp.ibm.com>
Date: Fri, 17 Nov 2000 16:39:57 +0900
To: xml-encryption@w3.org
Message-ID: <OF8ED34ED5.123500A0-ON4925699A.000B9D4F@LocalDomain>
Joseph,
Sorry for late reply -- I was on road and came back yesterday.

<Joseph>
I remember asking a question on this, thinking I understood once you
answered, and now I remember my question again. Is the data model you speak
of used to describe the encrypted content (for instance if we went beyond
elements) or for the actual serialization? If for serialization, what
exactly do you mean? Are you suggesting an alternative to Canonical XML
(which is based on  XPath, not Infoset) that also addresses internet subset
issues?
</Joseph>

The data model I speak of is to be used to describe the content to be
encrypted
as well as the decrypted content.  Within the given data model, the content
before encryption and the content after decryption must be equivalent.

For example, the encryption process works on given element information
item.  The
information item and its all descendent information items are serialized
and encrypted.
By defining the encryption process in this way, we can be clear about
things like:

 - White spaces within a tag (i.e., those between attributes) are not
preserved
    (not encrypted)
 - Character encoding scheme is not preserved
 - Default attribute values are preserved

depending on the data model we use.  Once the data model is fixed, then we
can define a serialization method for the data model.

No, I am not suggesting an alternative to C14N.  The data model could be
the
XPath data model.  I use Information Set in a broader sense (partly because
W3C Information Set is not fixed yet).

Hiroshi


--
Hiroshi Maruyama
Manager, Internet Technology, Tokyo Research Laboratory
+81-46-215-4576
maruyama@jp.ibm.com



From: "Joseph M. Reagle Jr." <reagle@w3.org> on 2000/11/15 05:25

Please respond to "Joseph M. Reagle Jr." <reagle@w3.org>

To:   Hiroshi Maruyama/Japan/IBM@IBMJP
cc:   "Public XML Encryption List" <xml-encryption@w3.org>
Subject:  Re: Serialization and canonicalization



At 09:25 11/13/2000 +0900, Hiroshi Maruyama wrote:
>As long as the data model (or information set) is preserved, any
>serialization method will do.  C14N satisfies this property and
>is implemented for XML Signature anyway, I think it is reasonable
>to reuse the C14N standard.

Right.

>By the way, I believe this discussion is exactly why I insist that
>the processing model of XML Encryption should be defined using
>the XML InfoSet (or equivalent data model).  It may free us from
>confusing questions such as character encoding, default
>attribute values, external entities, data types, and so on.

I remember asking a question on this, thinking I understood once you
answered, and now I remember my question again. Is the data model you speak
of used to describe the encrypted content (for instance if we went beyond
elements) or for the actual serialization? If for serialization, what
exactly do you mean? Are you suggesting an alternative to Canonical XML
(which is based on  XPath, not Infoset) that also addresses internet subset
issues?


__
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Friday, 17 November 2000 02:40:11 UTC