Dear all,Security best practices indicate that SHA1 should be replaced by safer algorithms like SHA256. Some WS security toolkits currently are unable to sign messages using the newer http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 algorithm, this is explained by references that WS-SecurityPolicy currently supports the http://www.w3.org/2000/09/xmldsig#rsa-sha1 signature algorithm. For example https://issues.apache.org/jira/browse/RAMPART-216and some references in
https://lists.oasis-open.org/archives/wss-dev/201311/msg00005.html.Would support for http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 in WS-SecurityPolicy require a new version? If so, is any such new version under consideration?
Kind Regards, Pim van der Eijk