* Ali G. wrote: >I was reading previous messages and came across some that were talking >about "Protecting" SVG... I was wondering if it is possible at all or >not. I mean look at the fact that SVG is an "open" format. That means >every part of the specification is well documented for everybody. So >if, only if, at some point there will be a facility to encrypt SVGs >then how will end-user be able to decrypt it in order to play the SVG >file? if the viewer application on the end-user machine can decrypt >the SVG, because of SVG openness, that means any body anywhere else >can decrypt it too.
Well, if you want to make a viewer application you will have to know how to turn data into what you want to present to the user. The kind of "se- curity" you seem concerned about is some way to ensure knowledge about how to make such a viewer application is available only to "trusted" parties; that's not very secure, if untrusted parties have access to one such application they could use or modify it in a way that reveals this knowledge. The main benefit here would be that you make it significantly more difficult for many people to get undesired access to the content, much like "disabling" the right mouse button for HTML documents so people can't use "show source" or "save image as..." functions, or "securing" scripts by rewriting them to use odd variable names, little white-space or some escaping method. You can't really secure digital data using purely technical means, you would have to use more social means like secrets or law enforcement for that. For encryption you'd usually use a secret (a password, a private key, ...) to protect the content. In this case anyone with access to the secret could use the content but others probably not (depending on how difficult it is to "guess" the secret). So the real question here would be how difficult it should be to make undesired and desired use of the content. You might want to investigate how to apply current and future DRM facilities to SVG content, that might be more worthwile than encryption. For XML Encryption you might want to take a look at <http://www.w3.org/TR/xmlenc-core/>. If you are just concerned about third parties publishing modified copies of your work, you might want to investigate digital signatures rather than encryption, <http://www.w3.org/TR/xmldsig-core/>. You can use XML DSig for your existing content and it will work in current viewers, they just don't verify the content yet, but it is not unlikely that support for such facilities becomes more widespread in the not too distand future. -- Björn Höhrmann · mailto:[EMAIL PROTECTED] · http://bjoern.hoehrmann.de Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de 68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ ------------------------ Yahoo! Groups Sponsor --------------------~--> Most low income households are not online. Help bridge the digital divide today! http://us.click.yahoo.com/cd_AJB/QnQLAA/TtwFAA/1U_rlB/TM --------------------------------------------------------------------~-> ----- To unsubscribe send a message to: [EMAIL PROTECTED] -or- visit http://groups.yahoo.com/group/svg-developers and click "edit my membership" ---- Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/svg-developers/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
