- From: Ari Kermaier <arik@phaos.com>
- Date: Wed, 01 May 2002 19:56:54 -0400
- To: merlin <merlin@baltimore.ie>
- Cc: reagle@w3.org, "Takeshi Imamura" <IMAMU@jp.ibm.com>, "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>, xml-encryption@w3.org
I thought that XPath caveat was weird as well, but I believe the confusion
on wrapping is really just an infelicity of the language in the text. When
it says "wrap the decrypted octet stream" I think it really means "wrap the
octet stream resulting from decrypting and replacing e in X". (See
Takeshi's answer to my question in [1].)
Under this reading, I think the following would hold for a signature over
"#foo":
<Bar xmlns:baz="http://example.org/baz">
<Foo xml:something="other" Id="foo">
<enc:EncryptedData ...>...</enc:EncryptedData>
</Foo>
</Bar>
Dereferencing, decrypting and replacing results in:
<Foo xml:something="other" Id="foo">
<plaintext />
</Foo>
Since <Bar>'s namespace is in scope for the first element of the input
node-set, <Foo>, parsing context C is {xmlns:baz="http://example.org/baz",
xml:something="other"}. So the result of wrapping would be:
<dummy xmlns:baz="http://example.org/baz" xml:something="other"><Foo
xml:something="other" Id="foo">
<plaintext />
</Foo></dummy>
Parsing, unwrapping and canonicalizing would result in:
<Foo xmlns:baz="http://example.org/baz" xml:something="other" Id="foo">
<plaintext />
</Foo>
If this is correct, my proposed text in [2] for decryptXML(X, e, C) and
decryptOctets(X, e) would be OK. Am I missing anything?
[1] http://lists.w3.org/Archives/Public/xml-encryption/2002Apr/0119.html
[2] http://lists.w3.org/Archives/Public/xml-encryption/2002May/0002.html
Ari Kermaier arik@phaos.com
Senior Software Engineer
Phaos Technology Corp. http://www.phaos.com/
Received on Wednesday, 1 May 2002 19:54:03 UTC