Access right and encryption
At the option of the MML instance creator, access rights may be assigned to each document (MML basic structure 1.2.1.1.1.1. accessRight). Whether these access rights are given is up to the instance creator. MML does not define how the access rights are used by the receiving side of the instance. Actual access control depends on the user application.
MML does not specify how an instance is encrypted. The practical encryption method is selected by the user. However, information about the encryption can be given in the encryption information element (MML basic structure 1.1.5. encryptInfo). The format of this information is not specified.
One possible method is to encrypt only the body of the MML instance (MML basic structure 1.2. MmlBody) with a public key system and to record the encryption information (the encryption method used) in the encryption information element. The public key of the creator is obtained from the creator ID in the creator information (MML basic structure 1.1.1. mmlCi:CreatorInfo). When the data is decrypted, the method is also applicable to electronic signature.
When all or part of an MML instance is encrypted, the instance is, strictly speaking, outside the MML specification. The MML specification applies to the decrypted data only.
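
One way a receiving application could enforce the rule that MML applies to decrypted data only, as an added example that is not part of the MML specification. Assumptions: `open_mml_body`, `EnvelopeError` and the `demo-reverse` placeholder are hypothetical names; namespaces are omitted; encryptInfo is taken to sit in MmlHeader and to hold a method string; the ciphertext is carried as base64 text inside MmlBody.

```python
import base64
import xml.etree.ElementTree as ET

class EnvelopeError(ValueError):
    """The instance cannot be handed to MML processing."""

def open_mml_body(instance_xml, decryptors):
    """Return the plaintext MmlBody element of an MML instance.

    decryptors maps an encryptInfo method string to a callable
    (ciphertext bytes -> plaintext bytes) supplied by the application.
    """
    root = ET.fromstring(instance_xml)
    header, body = root.find("MmlHeader"), root.find("MmlBody")
    if header is None or body is None:
        raise EnvelopeError("MmlHeader or MmlBody missing")
    method = (header.findtext("encryptInfo") or "").strip()
    if not method:
        # No encryption declared: the body must already be MML markup.
        if len(body) == 0:
            raise EnvelopeError("opaque MmlBody without encryptInfo")
        return body
    if len(body) != 0:
        raise EnvelopeError("encryptInfo set but MmlBody holds plain markup")
    if method not in decryptors:
        raise EnvelopeError("unsupported encryption method: " + method)
    try:
        blob = base64.b64decode((body.text or "").strip(), validate=True)
        plain = ET.fromstring(decryptors[method](blob))
    except (ValueError, ET.ParseError) as exc:
        raise EnvelopeError("MmlBody could not be decrypted") from exc
    if plain.tag != "MmlBody":
        raise EnvelopeError("decrypted data is not an MmlBody")
    return plain  # only from here on do MML rules (e.g. accessRight) apply

# Constructed sample. "demo-reverse" is a placeholder transform standing in
# for the user-selected method; it is not a cipher.
SAMPLE_PLAIN = b"<MmlBody><MmlModuleItem><docInfo/></MmlModuleItem></MmlBody>"
SAMPLE = (
    "<Mml><MmlHeader><encryptInfo>demo-reverse</encryptInfo></MmlHeader>"
    "<MmlBody>" + base64.b64encode(SAMPLE_PLAIN[::-1]).decode() + "</MmlBody></Mml>"
)
DECRYPTORS = {"demo-reverse": lambda data: data[::-1]}

if __name__ == "__main__":
    print(open_mml_body(SAMPLE, DECRYPTORS).find("MmlModuleItem/docInfo").tag)
```

The application registers its real decryption routine under the method string it expects in encryptInfo; anything that fails the checks is rejected before MML parsing or access control is attempted.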