Re: Decryption transform interop samples

On Wednesday 11 September 2002 02:44 pm, merlin wrote:
> I'm inclined to stick with what we have: Our processing
> basically mirrors xmldsig (some customers do indeed need
> XPointers), and we leave implementors the option of going
> to great lengths to dereference XPointers into replacement
> node sets if they want. 

I'm going to agree. The implementation requirement is to ensure the text is 
well written and to show some evidence of support for the feature. I can't 
forsee any interop problems arising from this (we're just borrowing from 
xmldsig) and the fact that there were enough (optional) full XPointers 
implementations in xmldsig is more relevant to whether we include them here 
than whether we get more implementations in the XENC WG.

> This need will only arise in the case
> that a decryption transform uses a full XPointer and partial
> encryption subsequently occurs to break the exception. I
> don't see this being a common problem. There are many ways
> that partial encryption may break a signature, and this is
> just another of those cases; we provide a warning about the
> use of XPointers in such cases.

The processing text in the edtiors' draft now includes a forward reference 
to the warning.

> In XMLDSIG, the URI #foo is always evaluated in the context of
> the signature document. 

What is confusing me here is the term "signature document". Do we mean the 
document identified by the Reference URI? Or the document that the 
signature occurs in?

Presuming we mean the Reference URI, I've tweaked the text to read, " the 
exception URI may be evaluated against a different document than that 
identified by the ancestor Reference URI."

Received on Wednesday, 11 September 2002 16:07:48 UTC