Re: Why is Except limited to local fragments? from Joseph Reagle on 2002-02-28 (xml-encryption@w3.org from February 2002)

From: Joseph Reagle <reagle@w3.org>
Date: Thu, 28 Feb 2002 14:30:33 -0500
To: "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>
Cc: "Takeshi Imamura" <IMAMU@jp.ibm.com>, xml-encryption@w3.org
Message-Id: <200202281930.OAA13749@tux.w3.org>

On Thursday 28 February 2002 00:00, Hiroshi Maruyama wrote:
> The input to the decrypt tranform is a node set.  The decrypt transform
> tries to decrypt all the <enc:EncryptedData> in this node set.  Since all
> the node in the node set belong to the same document, there is no need to
> specify any node outside of this document.
> When the signature is a detached one, and the <Reference> refers to some
> portion of an external XML document, the input node set to the decrypt
> transform will be the node set of this external XML document.  So the
> <Except URI="..."/> is always relative to the referenced document.
> Does it make sense?

Yes, I've tweaked the text in section two to hopefully remove some 
redundancy and make this more clear [1]. As an aside, did we consider the 
use of IDREF or is the "non-empty same-document URI reference [URI] (i.e., 
a number sign ('#') character followed by an XPointer expression (as 
profiled by [XML-Signature, Section 4.3.3.2])" give us something better 
than that?

[1] 2 Decryption Transform
This transform requires an XPath node-set [XPath] for input. If an octet 
stream is given as input, it must be converted to a node-set as described 
in The Reference Processing Model (section 4.3.3.2) of the XML Signature 
specification [XML-Signature]. The transform decrypts all the 
enc:EncryptedData elements [XML-Encryption] except for those specified by 
dcrpt:Except elements. dcrpt:Except is defined below via XML Schema 
[XML-Schema] and appears as direct child elements of the ds:Transform 
element.
The REQUIRED URI attribute value of the dcrpt:Except element MUST be a 
non-empty same-document URI reference [URI] (i.e., a number sign ('#') 
character followed by an XPointer expression (as profiled by 
[XML-Signature, Section 4.3.3.2]) and identify an enc:EncryptedData within 
the input to this transform.

-- 

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 28 February 2002 14:30:38 UTC