- From: Takeshi Imamura <IMAMU@jp.ibm.com>
- Date: Sat, 3 Nov 2001 02:18:02 +0900
- To: reagle@w3.org
- Cc: <hirsch@zolera.com>, <xml-encryption@w3.org>, "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>
Joseph, >> Shouldn't the URI attribute of the Except element be required? The schema >> says it is optional. > >Ok, I've reflected your tweaks (with my own teaks) and the URI as required >in [new revision: 1.10]. You missed Frederick's tweak about XPointer. Also I think that the third item in Section 2.1.2 is not a restriction but just a note for the function decrypt(). So it should be moved to the definition of the function. >> I also find the function name noDecryptNodes confusing and sugggest an >> alternative: decryptIncludedNodes > >I agree the names are a bit confusing ... On another similar note for >parallelism, if we use "noDecryptNodes" (subject to change) perhaps we >should call the other decryptNode)? Regardless, I defer this and the >following question to Takeshi and Hiroshi (and the list). OK, I try revising the description of the function "noDecryptNodes" as follows: Z = decryptIncludedNodes(X, R) where X is a node-set and R is a set of dcrpt:Except elements specified as a parameter of the transform. Z is a node-set obtained by the following steps: 1. Within X, select e, an element node with the type enc:EncryptedData, such that is not referenced by any dcrpt:Except elements in R. If such e cannot be selected, the algorithm terminates and Z, the result of the transformation, is X. 2. Let C be a parsing context of X. 3. Let Y be decrypt(X, e, C). If this function succeeds, replace X with Y. Otherwise, the implementation MAY signal a failure of the transform. Alternatively, it MAY also continue processing without changing X (although it should take an appropriate means to avoid an infinite loop). 4. Go to Step 1. > I also have a question regarding transform generation. Should the > document be canonicalized before creating the Decryption Transform, as > well as after? Frederick, what do you mean by "document"? The SignedInfo element? If so, you are right. The step for canonicalizing the element should be added. Thanks, Takeshi IMAMURA Tokyo Research Laboratory IBM Research imamu@jp.ibm.com
Received on Friday, 2 November 2001 12:18:14 UTC