RE: Attribute encryption

It is easier to ignore a message signature than message encryption.

But XML Signature is certainly not 'transparent' in the sense that the
signature can be scoped to arbitrary message fragments - without the use of
another XML layer.

It is possible to use XSLT or XPath to identify and sign a fragment of an
XML message. It would seem sensible to allow the use of XSLT to allow
encryption of arbitrary fragments of an XML message.

Equally it is possible for applications to profile XSLT and XPath or avoid
them entirely while using XML Signature. I think that as presently specified
XML Signature and Encryption have compatible and comparable approaches.

		Phill

> -----Original Message-----
> From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
> Sent: Monday, January 08, 2001 3:34 PM
> To: Sanjeev Hirve
> Cc: Philip Hallam-Baker; xml-encryption@w3.org
> Subject: Re: Attribute encryption
> 
> 
> At 15:11 1/8/2001 -0500, Sanjeev Hirve wrote:
> > >Case 2:
> > >    Message B states only that it is in schema PQR which is the
> > > standard schema for the application and incorporates the XML
> > > encryption schema. The node encryption was considered at the
> > > time the schema was created.
> >In this case, the schema designer, primarily a business expert,
> >must also take into account encryption requirements, sometimes there
> >may be conflicting design goals.  This assumption could be fraught
> >with pitfalls.  It may be better to keep security as "transparent"
> >as possible.
> 
> In general, this is the approach we took in xmldsig. We could not
> presume that schema authors would know about xml signature/encryption
> and design their schema accordingly.
> 
> __
> Joseph Reagle Jr.
> W3C Policy Analyst                mailto:reagle@w3.org
> IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
> 

Received on Monday, 8 January 2001 17:46:27 UTC