Re: Updated Section 4.

Joseph wrote

>2. Also, I thought we agreed that the encrypt and replace was REQUIRED to
>implement but optional to use?

When encrypting an XML element or content, the Encryptor must be able to
replace that XML element or content with an <EncryptedData> element.  Whether
it does so depends on the application's needs.

However, on the receiving end, an <EncryptedData> element in an XML document
does not necessarily stand in place of encrypted document data.  The XML
document may simply be a carrier for the <EncryptedData> element and it
could well be that the encrypted XML contains local namespaces that are not known
to the enveloping document.  In this case, it would not make sense to replace
the decrypted data in situ.  On the other hand, if an application discovers
an <EncryptedData> element whose decrypted ciphervalue is to be replaced
in situ, then it must be able to make that happen through the Decryptor
module.

Additionally, the current operating view is that even if it does not make
sense to replace the <EncryptedData> element with its decrypted ciphervalue
(e.g. unassociated local namespace prefixes), the Decryptor MUST support
the ability to do so anyway.  Implementation experience will ultimately
help us determine if this is the right way.


The text might be clearer this way.  In Section 4.1, step 5.1, change 

"Encryption applications MUST be able to replace the unencrypted Element
or Content with the EncryptedData element.. The application supplies the
XML Document context and identifies the Element or Content being replaced.
The Encryptor must remove the identified XML and insert the EncryptedData
element in its place."

to

"The Encryptor MUST be able to replace the unencrypted Element or Content
with the EncryptedData element.  When an application requires an XML element
or content to be replaced,  it supplies the XML Document context in addition
to identifying the Element or Content to be encrypted.  The Encryptor removes
the identified Element or Content and inserts the EncryptedData element
in its place."


Also, in step 4.2 of section 4.2, replace

"UTF-8 encode XML character" 

with

"UTF-8 encoded XML character"

Ed




-----------------------------------------------------------------------------------------------
Ed Simon
XMLsec Inc.


Received on Wednesday, 22 August 2001 20:24:26 UTC
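
The carrier-document case discussed in the message above, as an added example that is not part of the original post or of the specification: one way a decryptor could parse the decrypted octets in the namespace context of the EncryptedData element and tell the application when in-situ replacement yields unbound prefixes. The function names, the sample documents and the `po:` namespace are constructed for illustration, and decryption itself is assumed to have already happened.

```python
from xml.dom import minidom
from xml.parsers.expat import ExpatError
from xml.sax.saxutils import quoteattr

ENC_NS = "http://www.w3.org/2001/04/xmlenc#"
# Constructed samples; CipherValue is a placeholder, decryption itself is out of scope.
ENC = ('<EncryptedData xmlns="%s"><CipherData><CipherValue>placeholder'
       '</CipherValue></CipherData></EncryptedData>' % ENC_NS)
SAME_DOC = '<po:Order xmlns:po="urn:example:po">%s</po:Order>' % ENC
CARRIER = '<msg>%s</msg>' % ENC               # carrier never declares po:
PLAINTEXT = '<po:Card>constructed</po:Card>'  # stands for the decrypted octets

def in_scope_namespaces(node):
    """xmlns declarations visible at node; the nearest ancestor wins."""
    decls = {}
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for i in range(node.attributes.length):
            attr = node.attributes.item(i)
            if attr.name == "xmlns" or attr.name.startswith("xmlns:"):
                decls.setdefault(attr.name, attr.value)
        node = node.parentNode
    return decls

def replace_in_situ(enc_data, plaintext):
    """Swap enc_data for the parsed plaintext; False if it cannot be parsed here."""
    parent = enc_data.parentNode
    attrs = "".join(" %s=%s" % (k, quoteattr(v))
                    for k, v in in_scope_namespaces(parent).items())
    try:
        # Parse the fragment as if it sat at the EncryptedData position.
        ctx = minidom.parseString("<ctx%s>%s</ctx>" % (attrs, plaintext))
    except ExpatError:  # e.g. "unbound prefix" in a carrier document
        return False
    for child in list(ctx.documentElement.childNodes):
        parent.insertBefore(enc_data.ownerDocument.importNode(child, True), enc_data)
    parent.removeChild(enc_data)
    return True

def demo():
    results = {}
    for name, xml in (("same_doc", SAME_DOC), ("carrier", CARRIER)):
        doc = minidom.parseString(xml)
        enc = doc.getElementsByTagNameNS(ENC_NS, "EncryptedData")[0]
        results[name] = (replace_in_situ(enc, PLAINTEXT), doc.documentElement.toxml())
    return results

if __name__ == "__main__":
    for name, (ok, xml) in demo().items():
        print(name, ok, xml)
```

When `replace_in_situ` returns False the document is left untouched, so the application can still take the decrypted octets and process them outside the carrier.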