Subject: Re: [xri] XML DSig
I think this argument may have been valid 2 or 3 years ago with SAML. I'm not sure that it holds any more.

- http://www.w3.org/Signature/#Code
- http://identitymeme.org/categories/markup/xml/xmldsig/
- http://xmlsig.sourceforge.net/

Granted, I'm not sure what the status of these libraries is. But given how long SAML has been around and how many different people have worked on this, I have no doubt there is at least one "good enough" implementation for most any given language.

-will

On May 26, 2009, at 2:00 PM, George Fletcher wrote:

> Basically, the desire was to use a signing mechanism like that
> enabled with the SAML Simple Sign binding. This requires no
> canonicalization and is easy to implement in scripts. Note that perl
> and ssh are great tools for testing this kind of signing. Good
> library support may be possible for php and java... but it really
> needs to carry over to all the other languages like ruby, python,
> perl, et al. This is where the canonicalization does become "hard".
> That said, I'm not totally opposed to using XMLDSig if that's where
> the TC goes, but I do think it will slow down adoption in the
> non-mainstream languages.
>
> Thanks,
> George
>
> Will Norris wrote:
>> I'm sure this must have been discussed before, but it was before I
>> got involved with the TC. Why are we not using XML DSig for
>> signing XRD? I just got off a Shibboleth call where we were
>> discussing the scope of work for adding OpenID and XRD support to
>> Shibboleth, and several people (Scott Cantor included, of course)
>> asked why we weren't using XML DSig. I didn't actually know the
>> answer. I've certainly wondered that myself, but kinda took it at
>> face value that there was a good reason. Is there? Is it really
>> just that XML Canonicalization is "too hard"? If that's it, then
>> isn't the answer to just write better libraries ONCE and be done
>> with it? Was there something else brought up in past discussions?
>>
>> If there is a good reason, that's fine... I'd just be a little
>> embarrassed (especially as a developer) if all we have is "it's too
>> hard".
>>
>> -will
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail. Follow this link to all your TCs in OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
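
The trade-off debated in this thread, as an added example that is not part of the original messages: a signature over raw bytes needs no canonicalization but fails once the XML is re-serialized, while a digest over canonical XML survives it. Assumptions: the two XRD-like documents and the key are constructed, HMAC-SHA256 stands in for the public-key signature a real deployment would use, and Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0, Python 3.8+) stands in for whichever canonicalization an XML DSig profile would require.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

# Constructed sample input: two serializations of the same XRD-like document.
# They differ only in attribute order, quote style and the empty-element form.
DOC_A = (b'<XRD xmlns="http://example.org/xrd" id="a1" version="1">'
         b'<Subject>http://example.org/</Subject><Link/></XRD>')
DOC_B = (b"<XRD version='1' id='a1' xmlns='http://example.org/xrd'>"
         b"<Subject>http://example.org/</Subject><Link></Link></XRD>")
# Constructed tampered variant: the Subject value has been changed.
DOC_TAMPERED = DOC_B.replace(b"example.org/<", b"evil.example/<")

KEY = b"constructed-demo-key"  # assumption: stand-in for a real signing key


def sign_bytes(data: bytes, key: bytes = KEY) -> str:
    """Byte-level signing: authenticate exactly the octets received."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_bytes(data: bytes, signature: str, key: bytes = KEY) -> bool:
    """Constant-time check of a byte-level signature."""
    return hmac.compare_digest(sign_bytes(data, key), signature)


def c14n_digest(data: bytes) -> str:
    """Digest over the canonical form, as a canonicalizing scheme would compute."""
    canonical = canonicalize(xml_data=data.decode("utf-8"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    sig = sign_bytes(DOC_A)
    print("bytes, original doc :", verify_bytes(DOC_A, sig))
    print("bytes, re-serialized:", verify_bytes(DOC_B, sig))
    print("c14n,  re-serialized:", c14n_digest(DOC_A) == c14n_digest(DOC_B))
    print("c14n,  tampered     :", c14n_digest(DOC_A) == c14n_digest(DOC_TAMPERED))
```

With byte-level signing the verifier must receive the signed octets untouched, so any intermediary that parses and re-emits the XML invalidates the signature even though nothing meaningful changed.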