RE: Comments on the requirements draft from Ed Simon on 2001-03-23 (xml-encryption@w3.org from March 2001)

From: Ed Simon <ed.simon@entrust.com>
Date: Fri, 23 Mar 2001 13:22:19 -0500
To: xml-encryption@w3.org
Message-ID: <A0E1DEC54ED42F4884DD9EEA00ACE37106D192@sottmxs08.entrust.com>
Insomuch as the statement applies equally to the encryption of
whole elements or element content, I agree that the designers of
applications need to consider what effect introducing node
encryption will have on their system.  In many cases, one will
indeed be able to introduce targeted node encryption with changes
only at the designated encrypting and decrypting points.

In a non-normative "Application considerations" section of the 
"XML Encryption Syntax and Processing" document (not the
Requirements document), I would
agree to a statement like this, where "node encryption"
means "whole element encryption, element content encryption,
and (if we do it) attribute value encryption":

"An advantage of node encryption is that XML systems need only
encrypt precisely what needs to be encrypted and for precisely
who it is being encrypted. Non-sensitive data can remain in 
plaintext.  This means that when incorporating node encryption 
into a system, designers need only change those application 
processes that need access to nodes which have been 
encrypted.  For the system to function properly after node
encryption is introduced, it is important that designers ensure 
that all affected application processes have the necessary
decryption capabilities.  Note that even if a particular node
is not encrypted, designers should consider whether or not its
processing might depend on a node that has been encrypted."


Is this wording satisfactory?
Ed

-----Original Message-----
From: Blair Dillaway [mailto:blaird@microsoft.com]
Sent: Friday, March 23, 2001 11:20 AM
To: Ed Simon; xml-encryption@w3.org
Subject: RE: Comments on the requirements draft


Ed, 
 
From your statement below I assume you agree with the last sentence in
my posting which you left off:
 
    I would like to see us generally warn applications against making
this assumption 
    without thorough consideration of how the existing, non-encrypted,
documents are being
    processed by all potential recipients.
 
 
-----Original Message-----
From: Ed Simon [mailto:ed.simon@entrust.com]
Sent: Friday, March 23, 2001 5:28 AM
To: xml-encryption@w3.org
Subject: RE: Comments on the requirements draft



Blair wrote: 
There have been multiple discussions where 
there is an implicit assumption that one can partially encrypt a 
document, attribute values in particular, while not affecting 
non-encryption aware recipients. 

I reply: 
I certainly agree that one cannot assume this behaviour as the 
default but it does so happen that it does work for some XML 
protocols such as SMIL (see the recent emails regarding my 
work with SMIL for details).  Though a non-encryption-aware 
SMIL processor would be able to handle the encrypted SMIL 
doc, this is because SMIL specifies that if an application 
does not understand a namespace, it should ignore it.  

While agreeing we should not assume this behaviour, I think we 
need to keep in mind that a good number of XML applications will 
have this behaviour. 

Ed
Received on Friday, 23 March 2001 13:22:58 UTC