- From: merlin <merlin@baltimore.ie>
- Date: Thu, 30 May 2002 20:02:11 +0100
- To: Ari Kermaier <arik@phaos.com>
- Cc: reagle@w3.org, xml-encryption@w3.org
r/arik@phaos.com/2002.05.30/13:44:06 >So I'd support a well-considered variation on the alternative that Merlin >propses below (using any Type URI to signal the presence of XML content), >but the proposal for an XMLType element makes me very uncomfortable. FWIW, I agree with you. XMLType was iteration 1 of my thoughts and I don't like it. In particular, you must formulate the decryption transform at signing time to predict what data will be encrypted and how. I think that using any Type URI to indicate XML content is more flexible and generally useful. However, the problem is that it really needs support from the XML encryption spec. Currently, nothing is said about Type. The xmlenc spec would need to state that ANY instance of the Type attribute indicates that, after processing, the decrypted data will correspond to UTF-8 serialized XML; or, that it is possible to determine, based on a Type attribute, whether the decrypted, processed data will be UTF-8 serialized XML or not. With no such guidance, I don't see how we can rely on Type. Merlin
Received on Thursday, 30 May 2002 15:03:25 UTC