- From: Ed Simon <edsimon@xmlsec.com>
- Date: Thu, 16 May 2002 14:52:14 -0400
- To: "Dournaee, Blake" <bdournaee@rsasecurity.com>, <xml-encryption@w3.org>
- Cc: "Hammond, Ben" <bhammond@rsasecurity.com>
Yes, the way I suggested was application-specific (not interoperable) but I was assuming the scenario was considered application-specific. One early design principle of XML Encryption was that unless a strong, convincing case (eg. real apps demand it) could be made for supporting an encryption scenario, supporting that scenario would NOT become a requirement. You could say that the unwritten rule is that uncommon scenarios are to be handled by scenario-specific approaches such as the one I suggested. Regards, Ed ----- Original Message ----- From: "Ed Simon" <edsimon@xmlsec.com> To: "Dournaee, Blake" <bdournaee@rsasecurity.com>; <xml-encryption@w3.org> Cc: "Hammond, Ben" <bhammond@rsasecurity.com> Sent: Thursday, May 16, 2002 8:34 AM Subject: Re: Encryption Subset Scenario > The appropriate solution, in accordance with XML Encryption, would be > > <doc> > <EncryptedData > Type='http://www.w3.org/2001/04/xmlenc#Element'...>...</EncryptedData> > <EncryptedData > Type='http://www.w3.org/2001/04/xmlenc#Element'...>...</EncryptedData> > <elem3> foo3 </elem3> > </doc> > > I take it, by your note, you feel this solution is redundant. Is this > because the elements are contiguous and you were going to use the same > encryption parameters for both elements anyway? > > Ed > > ----- Original Message ----- > From: "Dournaee, Blake" <bdournaee@rsasecurity.com> > To: <xml-encryption@w3.org> > Cc: "Hammond, Ben" <bhammond@rsasecurity.com> > Sent: Wednesday, May 15, 2002 3:35 PM > Subject: Encryption Subset Scenario > > > > All - > > > > Given an input Document D: > > > > <doc> > > <elem1> foo1 </elem1> > > <elem2> foo2 </elem2> > > <elem3> foo3 </elem3> > > </doc> > > > > I want to encrypt just the first two child elements (<elem1> and <elem2>). > > This doesn't appear to fit the definition of > > Type='http://www.w3.org/2001/04/xmlenc#Element', which suggests a single > > element, or Type='http://www.w3.org/20001/04/xmlenc#Content' > > which suggests that all three elements must be encrypted (elem1, elem2 and > > elem3). > > > > Choosing to treat the first two elements as arbitrary plaintext also seems > > overkill, and if so, this ruins the XML semantics. I cannot > > treat it as text/xml, because this document subset is not well-formed. > > Treating it as text/plain looses all of the XML semantics. > > > > The obvious solution is to create two <EncryptedData> elements, but this > is > > redundant. Another solution is an XPath transform, but this > > doesn't exist for XML Encryption. > > > > Am I missing something here? Is there an obvious solution to this? It > seems > > like a simple case that might have been overlooked. > > > > Thanks, > > > > Blake Dournaee > > Toolkit Applications Engineer > > RSA Security > > > > "The only thing I know is that I know nothing" - Socrates > > > > > > > > > > >
Received on Thursday, 16 May 2002 14:50:41 UTC