RE: Attribute encryption

If there is sufficient need for encrypting attribute values without
encrypting the whole owner element, and I believe there is, then XML
Encryption should do so.  I have detailed a suggested mechanism in previous
messages.
 
Regarding "XML provides a uniform way of structuring data;  XML Encryption
provides a uniform way of encrypting XML's primary structures."  This is my
vision of the purpose of XML Encryption.  If the XML Encryption spec falls
short of specifying a standard for encrypting and decrypting the XML
structures important for the significant majority of applications and
systems, then, in my view, the XML Encryption spec has not met its goal.  In
my view, "the XML structures important for the significant majority of
applications and systems" includes XML elements, element content, attribute
values, and referenced arbitrary data (eg. the secret.gif file referenced by
the element "<image src="secret.gif"/>").
 
Ed

-----Original Message-----
From: Sanjeev Hirve [mailto:shirve@cyberelan.com]
Sent: Wednesday, January 17, 2001 10:29 AM
To: Ed Simon; xml-encryption@w3.org
Subject: Re: Attribute encryption


>One would encrypt a whole XML element when 
>one wants to secure the content and the semantics.  If one wants 
>to preserve the semantics but secure the content of an element, 
>then the result is an encrypted node list. 
Ed,
   Do you thus agree that the same reason should be extended to attributes,
since attributes are equivalent to child nodes from the perspective of data
confidentiality.  In other words, it should be possible to encrypt the
attributes of an element and leave its name in clear.
>XML provides a uniform way of structuring data;  XML Encryption 
>provides a uniform way of encrypting XML's primary structures.

Dont understand this.  Can you please explain. 

Received on Wednesday, 17 January 2001 13:40:54 UTC