OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xri] xml dsig profile

The implementations has been there for a long time for XML Dsig, and the developer experience has been mixed, usually, not so good. That is one of the reason that SAML has come up with Simple Sign profile to start with. (Note: The author of the SAML Simple sign is the author of the article Bill has quoted.)

I agree the bulk of the problem came from the canonicalization portion of XML Dsig. When we talk about the "validation" of the software, if we introduce new canonicalization method, it goes void, I think. If we are relying on Approved XML Dsig library, then I would just use the standard XML Dsig.

So, for me, choice is between using standard XML Dsig or SAML Simple Sign style one.

I would also like to hear an input from people in SSTC on the rational they came up with Simple Sign.

Also, note that XML Dsig implementation on the scripting languages are wrappers on C library, and it may not be feasible to use them in many hostin environment. So, we might want to take this into consideration as well.

=nat

________________________________________
差出人: Brian Eaton [beaton@google.com]
送信日時: 2009年2月3日 10:36
宛先: xri@lists.oasis-open.org
CC: Dirk Balfanz
件名: [xri] xml dsig profile

I've written up a detailed specification for simple signatures of
arbitrary XML documents.  It's here:
http://wiki.oasis-open.org/xri/XrdOne/XmlDsigProfile

I started off trying to spec out the format described on the
XrdOne/SimpleSign wiki, and quickly realized I was duplicating a ton
of work already done by the XML DSig specification.  Bill Barnhill's
comment on that wiki page suggesting an XML DSig profile struck me as
a better approach.

(Dirk: this is different than the syntax and code I sent you last
week, but not that different. =)

Cheers,
Brian

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]