Re: XMLP Comments to XMLE LC

On Friday 14 December 2001 14:31, David Fallside wrote:
> [1]

With respect to David's comment:
>  The comments
> are around the usage scenarios of SOAP with XMLE, and the
> processing model under validation and transformation.

Such a document would be useful. Consequently, after your first comment I 
took the initiative of creating a list, with the folks who said they were 
interested, [a] upon which we could build up a set of scenarios. I also 
took at stab contributing a scenario [b] with questions. After a few 
requests, Yves sent a comment off-list (thank you) on my scenario but no 
further contributions nor comments were made. Most of the questions 
identified are application questions which are specifically out-of-scope of 
XENC. So I'm happy to help and contribute but "scenarios and 
recommendations regarding the affects and requirements of XML Encryption 
processing on XML parsing and validation" is purposefully identified as 
optional in our charter, which means if folks don't contribute it doesn't 
happen. (Actually, I expect these issues to get more attention in CR while 
folks play with using these two implementations together.)


> provides a schema, it presumably must be used by an XML Schema validator.

Schema validation is not required. There's a sentence in the xmldsig spec 
that makes this clear that I forget to carry forward to xenc, the editors' 
copy now says, "Implementation MUST generate laxly schema valid 
[XML-schema] EncryptedData or EncryptedKey as specified by the subsequent 
schema declarations. "

> We suggest that the XMLE group should provide documentation
> that describes the expected processing and validation model for documents
> containing XMLE content.

This is up to those applications as agreed to at our Workshop [c] and  
since represented in the requirements document [d].

    2. XML Instance Validity {[66]WS}
         1. Encrypted instances must be well-formed but need not be valid
            against their original definition (i.e. applications that
            encrypt the element structure are purposefully hiding that
         2. Instance authors that want to validate encrypted instances
            must do one of the following:
              1. Write the original schema so as to validate resulting
                 instances given the change in its structure and
                 inclusion of element types from the XML Encryption
              2. Provide a post-encryption schema for validating
                 encrypted instances.
              3. Only encrypt PCDATA text of element content and place
                 its decryption and key information in an external
                 document. (This requires [67]granular detached /external

> This would certainly help for groups that have publicly stated intensions
> of use SOAP and XMLE, such as OASIS SAML.

If they're considering any of the options above, or other more clever 
approaches, I'm happy to work with any of them on it.


Joseph Reagle Jr.       
W3C Policy Analyst      
IETF/W3C XML-Signature Co-Chair
W3C XML Encryption Chair


Joseph Reagle Jr.       
W3C Policy Analyst      
IETF/W3C XML-Signature Co-Chair
W3C XML Encryption Chair

Received on Friday, 14 December 2001 17:25:50 UTC