R: proposed approach to XML encryption


As a comment to recent postings, I just wanted to say that our approach
currently allows for specifying fine-grained access control BOTH at the DTD
AND at the single document level. There are several points in common with
the XACL proposal, and we are meeting with Michiharu Kudo (IBM Tokyo
research labs) on October 30th in order to put together a common draft, that
will be posted to the list, as a part of our joint request for a W3C
workshop on the subject of AC standardization.
In the meanwhile, if interested take a look at the new version of our
prototype (follow the research projects link from my unofficial home page
http://www.dreamwater.net/damiani). The prototype code (in Java for Apache
servers)  is available as free software, and we have several users around
the world.
We are currently integrating support alphaworks-style encryption and would
like to work with anyone interested to integrating access control and
encryption (perhaps this topic could be discussed at the encryption workshop
as well?)
comments and suggestions welcome

----- Original Message -----
From: Joseph M. Reagle Jr. <reagle@w3.org>
To: Mark Scherling <mscherling@xcert.com>
Cc: <rnd@xcert.com>; Public XML Encryption List <xml-encryption@w3.org>
Sent: Friday, October 20, 2000 11:16 PM
Subject: Re: proposed approach to XML encryption

> Hi Mark,
> Thanks for posting your thoughts regarding the authorization's
> on XML encryption. ACL and authorization is likely to be out of scope for
> any W3C activity [1] (I think most folks believe such work should happen
> the IETF, or in industry specific domains (e.g., DoD, medical, finance,
> etc.)), just as mandatory key structures and trust was out of scope for
> Signature. So to focus your requirements (and not speak to the substance
> the authorization proposal) what do you see as the _critical
> on encryption? An open content model within an element (i.e. attributes
> an external authorization namespace can be included)?
> In Signature we provided ways for people to include their own KeyInfo (by
> making that an open content model [2]) and trust (by allowing them to
> their own Signature semantic [3]) how do we accommodate authorization
> without actually getting into it?
> My initial reaction is it depends on your authorization model (for which I
> admit there is no standard, but a fair amount of work). My uninformed
> _personal_opinion_ follows:
> 1. Your proposal (in my limited understanding) decorates native content
> encrypted content) with syntax from a authorization namespace. This means
> that elements would need to be changed, so we'd have to define the schema
> accordingly if that's possible.
> 2. Damiani et. al, [4] (in my limited understanding) specify authorization
> at the DTD level. This would be completely orthogonal (and they've done a
> lot of good research) but requires a specifications over DTDs, and I hope
> folks will be moving to schemas regardless.
> 3. XACL [5] (in my limited understanding) uses references to describe the
> ACL policies associated with native content. This requires no change to
> schema, or the content, can be deployed orthogonally, versioned easily,
> can possible tie into RDF/database/semantic-web. You could even have
> multiple authorization policies associated with the content, each signed
> differently as needed.
> Thoughts?
> __
> [1] http://www.w3.org/2000/09/XML-Encryption-Workshop.html
> Related topics that are not part of XML Encryption (though they may
> requirements as an application) are:
>        XML Access Control Policies: specifying policies and mechanisms
> beside encryption that control access to XML content.
> [2] http://www.w3.org/TR/2000/WD-xmldsig-core-20001012/#sec-KeyInfo
> [3] (e.g., http://www.w3.org/2000/10/xmldsig-p3p-profile/ )
> [4] http://www9.org/w9cdrom/419/419.html
> [5] http://www.trl.ibm.co.jp/projects/xml/doccont/xacl_e.htm
> At 13:10 10/20/2000 -0700, Mark Scherling wrote:
> >Attached is a proposed approach that could be used to identify and
> >encrypt content.  It is recognized that some content within certain
> >documents (i.e. medical records) must be view able by different groups
> >with different needs.  The problem is to identify the group, the content
> >they need and to ensure that access is restricted to that content is
> >restricted.  The proposed example includes a simple example of a medical
> >record with an approach using element attributes to identify different
> >elements that require protection from unauthorized users.  The objective
> >is to provide individually accessible elements to meet the needs for
> >diverse access requirements.
> >
> >Please feel free to comment on the approach and I would be happy to
> >present the concept at the next working group session on November 2.
> >
> >Cheers
> >Mark Scherling
> >Xcert International Inc.
> >(604) 640-6210 Ext. 349
> >
> __
> Joseph Reagle Jr.
> W3C Policy Analyst                mailto:reagle@w3.org
> IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Saturday, 21 October 2000 04:37:49 UTC