- From: <edsimon@xmlsec.com>
- Date: Wed, 19 Sep 2001 18:00:07 -0400
- To: Blair Dillaway <blaird@microsoft.com>, reagle@w3.org, Takeshi Imamura <IMAMU@jp.ibm.com>, xml-encryption@w3.org
Blair wrote >we're ambiguous in Step 3.1 about who is responsible for >serializing the data. > I don't think the text is ambiguous because all the steps starts out with "the encryptor must:". Hence all the steps are the Encryptor's responsibility unless otherwise specified. Unless there is a good reason otherwise, I wouldn't want the application to have the handle the serialization of XML Elements and Content. On a related topic, for non-XML data where we require the application to do the serialization (because the Encryptor can't do arbitrary serialization), does it make sense to allow the application to provide a hint in <EncryptedData> how the the serialization was done? I'm thinking of the receiving end, where the Decryptor want's to de-serialize the data and wants to know how the serialization was done. Ed ----------------------------------------------------------------------------------------------- Ed Simon XMLsec Inc. Interested in XML Security Training and Consulting services? Visit "www.xmlsec.com".
Received on Wednesday, 19 September 2001 18:05:10 UTC