Hi all,

Here are some comments on the encryption profile proposal I uploaded last week:
http://www.oasis-open.org/apps/org/workgroup/dss-x/document.php?document_id=25384
(please note that the document contains comments which can be read by
enabling 'show comments' in MS Word)

Section 1.5 (Overview) gives a short overview of the protocol's capabilities.
Summarizing, an encryption request consists of one or many encryption keys and
an arbitrary number of data items to be encrypted (contents). All data contained in
the request is to be encrypted for all recipients (i.e., using all specified
encryption keys).

There are three basic use cases that can be arbitrarily combined:
- parts of a provided XML document can be encrypted and REPLACED by the
resulting xenc:EncryptedData elements
- provided arbitrary (binary) data can be encrypted according to [XMLEnc] or
[CMS] encryption syntax standards (or any other standard to be defined)
(CREATE).
- provided arbitrary (binary) data can be encrypted according to [XMLEnc] and
INSERTED in a provided XML document.

There are some issues that need further discussion:
EP1. Encryption profile as new protocol. I propose to define