Re: Why is Except limited to local fragments? from Joseph Reagle on 2002-03-08 (xml-encryption@w3.org from March 2002)

From: Joseph Reagle <reagle@w3.org>
Date: Fri, 8 Mar 2002 14:59:09 -0500
To: merlin <merlin@baltimore.ie>
Cc: "Takeshi Imamura" <IMAMU@jp.ibm.com>, "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>, xml-encryption@w3.org
Message-Id: <200203081959.OAA08366@tux.w3.org>

On Friday 08 March 2002 13:41, merlin wrote:
> >If an xenc:EncryptedData element node being decrypted is the first node
> > in X, the value of its Type attribute MUST NOT be  xenc;Content. This
> > prevents an ill-formed XML document with element content appearing at
> > the start of the document. If the xenc:EncryptedData is not the first
> > node in X, the value MUST be  xenc;Element or  xenc;Content. This
> > prevents binary data from appearing out of place in an XML document.
>
> I think this paragraph looks good, although "with element content
> appearing" should perhaps be "with invalid content appearing"?

I struggled with that, perhaps I should reuse the "ill-formed" again. 
Binary data can appear if it's in CDATA I think, so I don't want to make it 
seem like that could never happen. (And invalid content seems to presume 
validation...)

> Should we generalize to allow a single non-XML EncryptedData
> to appear anywhere in the excepted input, rather than requiring
> that non-XML EncryptedData be the root node?
>
> ... If the xenc:EncryptedData is not the first node in X, and its
> type is neither &xenc;Element nor &xenc;Content, then it MUST
> be the only xenc:EncryptedData in X not referenced by an Except
> element. This prevents mixed decryption of XML and non-XML data,
> and restricts the decryption transform to a single piece of
> binary data at a time.
>
> I'm not terribly pushed on this, it might just make some uses
> easier; for example, I can reference an external XML document
> containing one piece of encrypted binary data that is not the
> root, without using an XPath transform to select the encrypted
> data element; somewhat like the base-64 transform ignoring XML
> data.

I don't feel very strongly but I would prefer not.

-- 

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Friday, 8 March 2002 16:44:24 UTC