Request for Guidance on XML Encryption changing MedaTypes

I've accepted an action item from TimBL  to register a media (content) type 
for XML Encryption instances [0]. My understanding is that this will be 
used for data objects with the elements in the xml encryption namespace at 
its root. An interesting characteristic of this type is that when an object 
of that type has been processed the result might be a different type (e.g., 
an "image/png" was decrypted).

David Orchard has been good enough to help us explore scenarios involved in 
using xenc with other applications and requested [1] that this media type 
also be associated with any XML content that an XML encryption application 
changes a part of. For instance, one might encrypt the second paragraph of 
an XHTML document .

I'm no expert on this issue but I have a few uninformed concerns.  Do you 
make this change only for items where it invalidates the instance according 
to the schema? What happens if the schema permits the change of content (a 
choice, lax validation, or ANY)? Does this force all XML encryption 
application to be schema valid and to know whether they invalidated a 
document? (The WG has refused requirements on validation and has consensus 
on how to address/scope this issue [2].) What happens if there is no schema 
for the original application, but a DTD? What happens if it is only 
well-formed? What happens if another application expects a similar change 
(e.g., XSLT)?

I will proceed with the registration in accordance with my understanding of 
the action item and in keeping with the longstanding consensus of the WG 
[2], resulting from the March 2001 meeting, unless directed otherwise, at 
which point I will be happy to bring it before the WG. Also, if there is a 
forum where others are welcome to pariticpate on this issue, I will be 
happy to refer them to it but feel David is right in stating this issue is 
bigger than just xenc.

    2. XML Instance Validity {[66]WS}
         1. Encrypted instances must be well-formed but need not be valid
            against their original definition (i.e. applications that
            encrypt the element structure are purposefully hiding that
         2. Instance authors that want to validate encrypted instances
            must do one of the following:
              1. Write the original schema so as to validate resulting
                 instances given the change in its structure and
                 inclusion of element types from the XML Encryption
              2. Provide a post-encryption schema for validating
                 encrypted instances.


Joseph Reagle Jr.       
W3C Policy Analyst      
IETF/W3C XML-Signature Co-Chair
W3C XML Encryption Chair

Received on Friday, 15 February 2002 20:12:58 UTC