[xmlsec] Encryption and namespace

Matthias Jung matthias.jung at xtradyne.com
Tue Mar 23 09:31:35 PST 2004


Aleksey Sanin wrote:
> 
>>   is the decryptor required to perform "parsing" ? 
> 
> Not in the spec. One can dump the document and decrypted piece into
> a string and then parse the whole document back. Not very fast
> and not very efficient :(
> 
>>   That's an implementation issue. Parsing a substring within a node 
>> context
>> could be a useful addition to libxml2 API, I'm not saying it's impossible
>> but I try to understand the real scope of the problem, in order to get
>> the right solution. There is more than just in-scope namespaces which are
>> inherited from a document, like entities ...
> 
> Yes, you are right. It's much more. The general idea behind the spec is
> that you get a piece of XML document and encrypt it, then someone
> decrypts this piece and gets original XML document "as-is".

Which is very important when a document is signed before it is 
encrypted. At least WS Security standard thinks of such scenarios.

Seems to me the functionality 'parsing xml fragments' is the only 
solution to this problem. This also could be very interesting in some 
SAX scenarios.

Matthias



More information about the xmlsec mailing list