RE: Comments on the 6 Apr Draft from Blair Dillaway on 2001-05-16 (xml-encryption@w3.org from May 2001)

From: Blair Dillaway <blaird@microsoft.com>
Date: Wed, 16 May 2001 09:11:02 -0700
To: "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: <xml-encryption@w3.org>, "Philippe Le Hegaret" <plh@w3.org>
Message-ID: <AA19CFCE90F52E4B942B27D42349637902CDCCDD@red-msg-01.redmond.corp.microsoft.com>
Thanks for providing this detail on the issues we face in accurately
describing what is being encrypted/decrypted.  I haven't come up with a
specific proposal for how we describe these concepts in terms of an XML
data model, but do plan to spend some time on this.

I do have a question about your statement
     "....it would permit by definition for (a,b) 
      to be encrypted together, without including (c), which
      I don't think is our intent."

I know the WG has agreed to focus on encryption of an Element, or the
children of an Element.  However, an encryptor could take the document
   <1>
       <a/>
       <b/>
   </1>
encrypt the children of '1' giving
   <1>
        <EncryptedData>
            <CipherData>somebase64text</CipherData>
        </EncryptedData>
   </1>
and then add in a child element of '1' with tag 'c' to get
      <1>
        <EncryptedData>
            <CipherData>somebase64text</CipherData>
        </EncryptedData>
        <c/>
      </1>
From the decryptor's perspective, this looks like your sample document
but with a subset of element 1's children encrypted.  I don't see how we
can prevent an application from doing this, nor do I see any reason to
try.  I believe this issue is significant only to the extent the XML
Encryption specification defines a required XML serialization mechanism.
If we do this, then I'd like to keep it simple and only provide a
mechanism that serializes and element or all an element's childrent.
But, if we leave serialization to the application, the application can
be more flexible and choose to only serialize some immediate children of
a given element without impacting the encryption operation or syntax.

Blair


-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
Sent: Tuesday, May 15, 2001 1:28 PM
To: Blair Dillaway
Cc: xml-encryption@w3.org; Philippe Le Hegaret
Subject: Re: Comments on the 6 Apr Draft


At 09:50 5/4/2001 -0700, Blair Dillaway wrote:
>4.  I would like to suggest we eliminate the distinction between an
>encrypted "Element" and "Element ChildNodeList" in this discussion.

So following up from our call yesterday, to ground this in a specific
term 
with a well-defined meaning:

In Infoset terminology, "There is an element information item for each 
element appearing in the XML document"
http://www.w3.org/TR/2001/WD-xml-infoset-20010316/#infoitem.element

To test this with a scenario:

<1>
   <a/>
   <b/>
   <c/>
</1>

If we want to encrypt 1, there is a corresponding element information
item 
with a children Property including (a,b,c). If we want to encrypt
(a,b,c) 
... it wouldn't be accurate to call this set an element information
item. 
They are the children property of an element information item. (And if
we 
defined our own set of information set items not mapped to the children 
property, it'd be "non-standard" and it would permit by definition for
(a,b) 
to be encrypted together, without including (c), which I don't think is
our 
intent. Also, this set of element information items would include the 
children processing instruction, unexpanded entity reference, character,
and 
comment information items that we need.)


In DOM, there is a NodeList interface: "The NodeList interface provides
the 
abstraction of an ordered collection of nodes, without defining or 
constraining how this collection is implemented. "
http://www.w3.org/TR/DOM-Level-2-Core/core.html#ID-536297177

However, is this so generic so as to not be very useful (see the
definition 
of "interface Node" in 
http://www.w3.org/TR/DOM-Level-2-Core/idl-definitions.html).

However, there is the specific Element interface: 
http://www.w3.org/TR/DOM-Level-2-Core/core.html#ID-745549614  and it 
inherits the childNodes attribute from NodeList Interface:
   readonly attribute NodeList childNodes;
   http://www.w3.org/TR/DOM-Level-2-Core/core.html#ID-1950641247

So (and I'm no expert, particularly on DOM) I find it difficult to come
up 
with a single "word" and definition that accurately and narrowly
captures 
the distinction between and element and its content...?

In Infoset-speak, we're encrypting an element item or its children
property, 
in DOM-speak we're encrypting


__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Wednesday, 16 May 2001 13:27:47 UTC