Re: Decryption Transform processing question from Ari Kermaier on 2002-05-01 (xml-encryption@w3.org from May 2002)

From: Ari Kermaier <arik@phaos.com>
Date: Wed, 01 May 2002 10:52:27 -0400
To: "Takeshi Imamura" <IMAMU@jp.ibm.com>, reagle@w3.org
Cc: "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>, xml-encryption@w3.org
Message-Id: <5.1.0.14.2.20020501103148.02b04020@verio.phaos.com>

> >I'll defer to the authors if they want to suggest a change that  (1)
>limits
> >the likelyhood of your confusion arising again, (2) adds "If serialization
> >is necessary" to step 1 in decryptOctects (or remove it all-together?),
>and
> >(3) a similar "if" for steps 2 and 3 in decryptXML depending on the
> >presense of namespaces.
>
>I think that step 1 in both decryptXML() and decryptOctets() can be removed
>because serialization is performed only for generating a whole node-set
>from an octet stream containing a decrypted part.  But if step 1 is
>removed, we have to add to step 3 some text saying that X is converted to
>an octet stream with replacing an encrypted part with its decrypted one,
>and then is wrapped in the context of C.

I agree. How about something like the following (after removing Step 1):

Y = decryptXML(X, e, C)

         where X is a node-set, e is an element node with the type
         xenc:EncryptedData in X, and C is a parsing context of X.
         Y is a node-set obtained by the following steps:

1.      Decrypt e and replace it with the resulting octet stream
         according to the XML Encryption specification [XML-Encryption]
         (which may require serializing X).

2.      Wrap the result of Step 2 in the context of C as specified in Text
         Wrapping (Appendix A).

3.      Parse the wrapped octet stream as described in The Reference
         Processing Model (section 4.3.3.2) of the XML Signature
         specification [XML-Signature], resulting in a node-set.

4.      Y is the node-set obtained by removing the root node, the wrapping
         element node, and its associated set of attribute and namespace
         nodes from the node-set obtained in Step 3.

Y' = decryptOctets(X, e)

         where X is a node-set and e is an element node with the type
         xenc:EncryptedData in X. Y' is an octet stream obtained by
         decrypting e according to the XML Encryption specification
         [XML-Encryption].


Ari Kermaier    arik@phaos.com
Senior Software Engineer
Phaos Technology Corp.    http://www.phaos.com/

Received on Wednesday, 1 May 2002 10:49:43 UTC