XML-Encryption Requirements

Draft 2000-October-06

This version:
Latest version:
Previous version:
Joseph Reagle <reagle@w3.org>

Copyright  2000 The Internet Society & W3C (MIT, INRIA, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply.

Status of this Document

This is rough draft intended to start discussion in preparation of the XML Encryption Workshop. This document has no standing whatsoever.

This document does not represent consensus. Instead, it is the author's attempt to show requirements and alternatives within the scope already out-line in the XML-Encryption Call for Proposal. Furthermore, it may include things that are not well stated, as well as provocative or contrary positions (or alternative wordings) in order to elicit review and discussion. It's roughly based on the authors understanding of {Imamura}, {SL}, {C2000} and other discussion and proposals, though my characterizations may be in error. Positions which are potentially in conflict are specified as a list of lettered points. For example:

  1. Extensibility
    1. Position
    2. Alternative/Contrary Position

Citation of a source (e.g., {source}) in no way indicates that is the originator or sole supporter of that requirement, it just helps me keep track of at least one source/motivation of the requirement.

Please send comments to the editor <reagle@w3.org> and cc: the list  xml-encryption@w3.org (achives) Publication of this document does not imply endorsement by the W3C membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time.



This document lists the design principles, scope, and requirements for the XML Encryption. It includes requirements as they relate to the encryption syntax, data model, format, cryptographic processing, and external requirements and coordination.

Table of Contents

  1. Introduction
  2. Design Principles and Scope
  3. Requirements
    1. Encryption Data Model and Syntax
    2. Cryptography
    3. Processing
    4. Misc
    5. Coordination
  4. References

1. Introduction

The XML 1.0 Recommendation [XML] describes the syntax of a class of data objects called XML documents. There is interest in specification of XML syntax and processing used to encrypt digital content, including portions of an XML documents and protocol messages. This documents provides requirements for such an activity -- as well as provocation and alternative requirements.

2. Design Principles and Scope

This section describes requirements over intended result, how these motivations are realized are addressed in subsequent sections.

  1. The XML Encryption specification will describe how to a digitally encrypt a Web resource in general, and an XML document in particular.  {Imamura, SL}
    1. An XML Encryption can apply to a part or totality of an XML document.
      1. Granularity of encryption is limited to an element. {Imamura}
      2. Granularity of encryption includes attribute values and element content. {SL}
      3. Granularity of encryption includes any Information Set Item. {List: Reagle}
    2. Encryption can be recursive. {Imamura, SL}
  2. The mechanisms of encryption will be simple: describe how to encrypt/decrypt digital content, XML documents, and portions thereof. {Reagle}
    1. Only enough information necessary for decryption need be provided. {Reagle}
    2. The specification will not address the confidence or trust applications place in the provision of a key, nor mechanisms of key establishment. {Reagle}
  3. The only key structures that will be defined relate to those necessary to decrypting opaque content. {Reagle}
    1. The specification will address both key-encrypting-keys and data keys. {Reagle}
    2. Other key structures should be developed under a different namespace. {Reagle}
  4. The specification will not address authorization and access control. {List: Reagle, Simon, Kudoh}
  5. The specification will not address authentication. {List: Reagle}
  6. The specification will use pre-existing data models (e.g., Information Set) and canonicalization methods (e.g., Canonical XML) unless it can explicitly justify the need for a new one. {Reagle}
  7. Implementation/Design Philosophy
    1. Parser
      1. Implementations must work with pre-existing parsers. {MyProof}
      2. Implementations must rely upon namespace aware and schema validating parsers. {Reagle}
    2. XML Instances
      1. Implementations must work over pre-existing XML. {MyProof}
    3. XML Processing, the transformation/processing model should be
      1. Fast {List: Ferguson}
      2. Memory efficient {List: Ferguson}
      3. Work with tree and event based parsers {List: Ferguson}


3. Requirements

Encryption Data Model and Syntax

  1. An encrypted object is XML. {Imamura, SL}
  2. The XML Encryption data structures will be predicated on: {Reagle}
    1. the RDFS schema within the Information Set specification [Infoset]
    2. [XSet]
    3. ...
  3. An XML Encryption application must be able to use and understand {Reagle}
    1. XML-namespaces [XML-namespaces].
    2. XML Schema [XML-schema]
  4. XML Encryption can be applied to any Web resource -- including non-XML content.    {Imamura, SL}
  5. Encrypted objects are first class objects themselves and consequently can be referenced and signed. {Reagle}
  6. Algorithm Identification
    1. Whenever possible, any resource or algorithm is a first class object, and identified by a URI.   {Imamura, SL}


  1. The solution must work with arbitrary encryption algorithms, including symmetric and asymmetric keys schemes as well as dynamic negotiation of keying material. {Imamura, SL}
    1. The specification will not address key establishment  methods. {Reagle}
  2. The specification must specify at least one mandatory to implement canonicalization, hash, and encryption algorithm. {Reagle}
    1. Encryption
      1. TripleDES {List: Ferguson}
      2. AES {List: Ferguson}
    2. Canonicalization
      1. Canonical XML [XML-C14N]


  1. ...


  1. Validity (attempt 1:instances)
    1. upon encryption
      1. must still be valid in the original namespace. {List: Reagle}
      2. must be only well formed. {List: Reagle}
      3. must be valid in a new namespace with modified schema. {List: Reagle}
    2. upon decryption
      1. must be as valid as the original {List: Reagle}
  2. Validity  (attempt 2:parsers)
    1. XML Encryption applications need only operate over well formed namespace-aware XML. {Reagle}
    2. XML Encryption applications must be schema aware and permit alterations to the target such that encryption modifications are made where permitted by its schema content model? (What happens if forbid by schema?) {Reagle}
    3. XML Encryption applications must not violate the DTD/schema valid of the target instance. "We have encountered several applications where the customer wishes to encrypt attribute or element CDATA without changing, adding, or deleting any XML tags." {MyProof}
      1. To satisfy this requirement the document to be encrypted SHOULD be referenceable from an external document via XPath. {MyProof}
      2. Any "[XPath] feature causes serious performance problems because the document must be fully buffered in order to apply the XPath expression." {Andy Clark}
  3. The processing model should be based on:
    1. Application specific logic {List: Ferguson}
    2. XSLT  {List: Ferguson}
    3. XPath {MyProof}
    4. XLink {List: Maruyama}
  4. Should we have transforms? {List: Reagle/Geuer-Pollmann}
  5. The ways to reference data once encrypted, or supportin information should be referenced via:
    1. URI+IDs
    2. XPath expressions
    3. XLink (provides bidirectional)


  1. @@Where did we stand on the issue of email headers encryptor/recipient?


The XML Encryption specification should meet the requirements of (so as to support) or work with the following applications:

  1. XML Authorization {List: Scherling, Damiani}
  2. [XML Protocols] {Reagle}
  3. [XML Signature] {Reagle}

To ensure the above requirements are adequately addressed, the XML Encryption specification must be reviewed by a designated member of the following communities:

  1. XML Schema Working Group {Reagle}
  2. XML Core Working Group {Reagle}
  3. XML Protocol Working Group {Reagle}
  4. Internationalization Interest Group {Reagle}

Intellectual Property

  1. The specification should be free of encumbering technologies: requiring no licensing fees for implementation and use. {List: Ferguson}

4. References

Another proposal of XML Encryption, Takeshi Imamura (Mon, Aug 14 2000)
Crypto 2000 XML Encryption BoF (minutes). Santa Barbara. August 24 .
Document Object Model Core, Level 3. Arnaud Le Hors. W3C Working Draft.
XML Encryption List (an unmoderated and unchartered publis list).
MyProof Position Paper On XML Encryption
XML Information Set, W3C Working Draft. John Cowan.
XML Encryption strawman proposal Ed Simon and Brian LaMacchia (Wed, Aug 09 2000)
Extensible Markup Language (XML) 1.0 Recommendation. T. Bray, J. Paoli, C. M. Sperberg-McQueen. February 1998.
Canonical XML. Working Draft. J. Boyer. September 2000.
Namespaces in XML Recommendation. T. Bray, D. Hollander, A. Layman. Janaury 1999.
XML Schema Part 1: Structures Working Draft. D. Beech, M. Maloney, N. Mendelshohn. April 2000.
XML Schema Part 2: Datatypes Working Draft. P. Biron, A. Malhotra. April 2000.
XML-Signature Syntax and Processing. Working Draft. D. Eastlake, J. Reagle, and D. Solo.
Full Fidelity Information Set Representation. Jonathan Borden. XML-Dev
RFC2396. Uniform Resource Identifiers (URI): Generic Syntax. T. Berners-Lee, R. Fielding, L. Masinter. August 1998