ISSUE-107: deprecate decryption transform?, see what you sign and workflow
deprecate decryption transform?, see what you sign and workflow
- State:
- CLOSED
- Product:
- free
- Raised by:
- Ed Simon
- Opened on:
- 2009-02-24
- Description:
- http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0006.html
http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0007.html
http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0008.html
http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/att-0009/00-part (Pratik)
http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0011.html
http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0013.html
http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0014.html
I struggle to find a scenario where all of the following hold:
1) use of the decryption transform is necessary
2) it provides correct guarantees of authentication, privacy and secure operation in the presence of an adversary
3) it is more appropriate than specifying ordering explicitly with an XProc workflow, a protocol specification or as an implicit part of application logic
Of these, I'm most opinionated that (2) should not be neglected as a necessary condition of any feature proposed for inclusion in the 2.0 specs.
http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0015.html
- Related Actions Items:
- No related actions
- Related emails:
- Re: Sept 29 Meeting Minutes (from Frederick.Hirsch@nokia.com on 2009-09-29)
- issues related to see what sign and decrypt transform (from frederick.hirsch@nokia.com on 2009-02-24)
- ISSUE-107: deprecate decryption transform?, see what you sign and workflow [v.next (Design for XML Signature V Next)] (from sysbot+tracker@w3.org on 2009-02-24)
Related notes:
No additional notes.
Display change log