[xmlsec] Encryption and namespace

[Daniel Veillard]

On Tue, Mar 23, 2004 at 08:15:27AM -0800, Aleksey Sanin wrote:
> 
> >  It seems to me that the solution from a DSig point of view is an 
> >  extension
> >of the XML parsing rules, that should be looked at from a standard 
> >perspective
> >(Aleksey, could you carry this on the W3C/IETF Working Group ?)... 
> This is not XML DSig but XML Encryption spec. The spec says
> (http://www.w3.org/TR/xmlenc-core/#sec-Processing-Decryption):
> 
>    The decryptor SHOULD support the ability to replace the
>    EncryptedData element with the decrypted 'element' or element
>    'content' represented by the UTF-8 encoded characters. The
>    decryptor is NOT REQUIRED to perform validation on the result of
>    this replacement operation.
> 
> I think the spec is correct. It does not say *how* to replace the
> element or content.

  is the decryptor required to perform "parsing" ? 
The problem is that to know that the UTF-8 encoded characters contains
character which are okay for an XML document, in theory parsing is required
and parsing is only defined theorically in a document wide way.

> The xmlsec implementation tries to do it without
> serializing the whole tree and parsing it back but this might not be
> possible. I still need to take a look at the option "parse in the
> context". For example, if I can register known to me namespaces in the
> parser context then this would solve the problem.

  That's an implementation issue. Parsing a substring within a node context
could be a useful addition to libxml2 API, I'm not saying it's impossible
but I try to understand the real scope of the problem, in order to get
the right solution. There is more than just in-scope namespaces which are
inherited from a document, like entities ...

Daniel

-- 
Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard at redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/