

Subject: Re: [xri] XML DSig


I think this argument may have been valid 2 or 3 years ago with SAML.   
I'm not sure that it holds any more.

  - http://www.w3.org/Signature/#Code
  - http://identitymeme.org/categories/markup/xml/xmldsig/
  - http://xmlsig.sourceforge.net/

Granted, I'm not sure what the status of these libraries is. But  
given how long SAML has been around and how many different people have  
worked on this, I have no doubt there is at least one "good enough"  
implementation for most any given language.

-will


On May 26, 2009, at 2:00 PM, George Fletcher wrote:

> Basically, the desire was to use a signing mechanism like that  
> enabled with the SAML Simple Sign binding. This requires no  
> canonicalization and is easy to implement in scripts. Note that perl  
> and ssh are great tools for testing this kind of signing. Good  
> library support may be possible for php and java... but it really  
> needs to carry over to all the other languages like ruby, python,  
> perl, et al. This is where the canonicalization does become "hard".  
> That said, I'm not totally opposed to using XMLDSig if that's where  
> the TC goes, but I do think it will slow down adoption in the  
> non-mainstream languages.
>
> Thanks,
> George
>
> Will Norris wrote:
>> I'm sure this must have been discussed before, but it was before I  
>> got involved with the TC.  Why are we not using XML DSig for  
>> signing XRD?  I just got off a Shibboleth call where we were  
>> discussing the scope of work for adding OpenID and XRD support to  
>> Shibboleth, and several people (Scott Cantor included, of course)  
>> asked why we weren't using XML DSig.  I didn't actually know the  
>> answer.  I've certainly wondered that myself, but kinda took it at  
>> face value that there was a good reason.  Is there?  Is it really  
>> just that XML Canonicalization is "too hard"?  If that's it, then  
>> isn't the answer to just write better libraries ONCE and be done  
>> with it?  Was there something else brought up in past discussions?
>>
>> If there is a good reason, that's fine... I'd just be a little  
>> embarrassed (especially as a developer) if all we have is "it's too  
>> hard".
>>
>> -will
>>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
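
The trade-off argued in this thread, as an added example that is not part of the original messages: a signature over the exact transmitted bytes needs no XML processing but fails once the document is re-serialized, while a signature over the canonical form survives re-serialization yet still depends on whitespace text nodes. Assumptions: the documents and key are constructed, HMAC-SHA256 stands in for a public-key signature, and Python's standard library canonicalizer implements C14N 2.0 rather than the canonicalization versions XML DSig deployments commonly use.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for an RSA signature

# Constructed samples: one XRD-like document serialized three ways.
DOC_A = b'<XRD xmlns="urn:example:xrd"><Link rel="describedby" href="https://example.org/a"/></XRD>'
# Same infoset: attribute order, quote style and empty-element form differ.
DOC_B = b"<XRD xmlns='urn:example:xrd' ><Link href='https://example.org/a' rel='describedby'></Link></XRD>"
# Pretty-printed: adds whitespace text nodes, which canonicalization keeps.
DOC_C = b'<XRD xmlns="urn:example:xrd">\n  <Link rel="describedby" href="https://example.org/a"/>\n</XRD>'


def sign_bytes(data: bytes) -> str:
    """Sign the exact octets as transmitted; no XML parsing involved."""
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def verify_bytes(data: bytes, sig: str) -> bool:
    """Constant-time check of a signature over the raw octets."""
    return hmac.compare_digest(sign_bytes(data), sig)


def c14n(data: bytes) -> bytes:
    """Canonical form (C14N 2.0, the version Python's stdlib implements)."""
    return canonicalize(data.decode("utf-8")).encode("utf-8")


def sign_canonical(data: bytes) -> str:
    """Sign the canonical form instead of the octets on the wire."""
    return sign_bytes(c14n(data))


def verify_canonical(data: bytes, sig: str) -> bool:
    """Re-canonicalize the received document, then check the signature."""
    return hmac.compare_digest(sign_canonical(data), sig)


if __name__ == "__main__":
    sig_raw, sig_c14n = sign_bytes(DOC_A), sign_canonical(DOC_A)
    for name, doc in (("A", DOC_A), ("B", DOC_B), ("C", DOC_C)):
        print(name, "raw:", verify_bytes(doc, sig_raw),
              "c14n:", verify_canonical(doc, sig_c14n))
```

A verifier for the byte-level scheme has to keep the received octets untouched until the check is done; any intermediary that parses and re-emits the XML invalidates the signature.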
