- From: Ari Kermaier <arik@phaos.com>
- Date: Wed, 01 May 2002 19:56:54 -0400
- To: merlin <merlin@baltimore.ie>
- Cc: reagle@w3.org, "Takeshi Imamura" <IMAMU@jp.ibm.com>, "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>, xml-encryption@w3.org
I thought that XPath caveat was weird as well, but I believe the confusion on wrapping is really just an infelicity of the language in the text. When it says "wrap the decrypted octet stream" I think it really means "wrap the octet stream resulting from decrypting and replacing e in X". (See Takeshi's answer to my question in [1].) Under this reading, I think the following would hold for a signature over "#foo": <Bar xmlns:baz="http://example.org/baz"> <Foo xml:something="other" Id="foo"> <enc:EncryptedData ...>...</enc:EncryptedData> </Foo> </Bar> Dereferencing, decrypting and replacing results in: <Foo xml:something="other" Id="foo"> <plaintext /> </Foo> Since <Bar>'s namespace is in scope for the first element of the input node-set, <Foo>, parsing context C is {xmlns:baz="http://example.org/baz", xml:something="other"}. So the result of wrapping would be: <dummy xmlns:baz="http://example.org/baz" xml:something="other"><Foo xml:something="other" Id="foo"> <plaintext /> </Foo></dummy> Parsing, unwrapping and canonicalizing would result in: <Foo xmlns:baz="http://example.org/baz" xml:something="other" Id="foo"> <plaintext /> </Foo> If this is correct, my proposed text in [2] for decryptXML(X, e, C) and decryptOctets(X, e) would be OK. Am I missing anything? [1] http://lists.w3.org/Archives/Public/xml-encryption/2002Apr/0119.html [2] http://lists.w3.org/Archives/Public/xml-encryption/2002May/0002.html Ari Kermaier arik@phaos.com Senior Software Engineer Phaos Technology Corp. http://www.phaos.com/
Received on Wednesday, 1 May 2002 19:54:03 UTC