
Subject: Re: [xri] XML DSig


The general sentiment here was that XML Dsig is too complicated/overkill. This is not my area but I am reluctant to use XML Dsig without consensus here that it is not too complicated.

EHL


On 5/26/09 2:23 PM, "Will Norris" <will@willnorris.com> wrote:

I think this argument may have been valid 2 or 3 years ago with SAML.  
I'm not sure that it holds any more.

  - http://www.w3.org/Signature/#Code
  - http://identitymeme.org/categories/markup/xml/xmldsig/
  - http://xmlsig.sourceforge.net/

Granted, I'm not sure what the status of these libraries is. But
given how long SAML has been around and how many different people have
worked on this, I have no doubt there is at least one "good enough"
implementation for most any given language.

-will


On May 26, 2009, at 2:00 PM, George Fletcher wrote:

> Basically, the desire was to use a signing mechanism like that
> enabled with the SAML Simple Sign binding. This requires no
> canonicalization and is easy to implement in scripts. Note that perl
> and ssh are great tools for testing this kind of signing. Good
> library support may be possible for php and java... but it really
> needs to carry over to all the other languages like ruby, python,
> perl, et al. This is where the canonicalization does become "hard".
> That said, I'm not totally opposed to using XMLDSig if that's where
> the TC goes, but I do think it will slow down adoption in the non-
> mainstream languages.
>
> Thanks,
> George
>
> Will Norris wrote:
>> I'm sure this must have been discussed before, but it was before I
>> got involved with the TC.  Why are we not using XML DSig for
>> signing XRD?  I just got off a Shibboleth call where we were
>> discussing the scope of work for adding OpenID and XRD support to
>> Shibboleth, and several people (Scott Cantor included, of course)
>> asked why we weren't using XML DSig.  I didn't actually know the
>> answer.  I've certainly wondered that myself, but kinda took it at
>> face value that there was a good reason.  Is there?  Is it really
>> just that XML Canonicalization is "too hard"?  If that's it, then
>> isn't the answer to just write better libraries ONCE and be done
>> with it?  Was there something else brought up in past discussions?
>>
>> If there is a good reason, that's fine... I'd just be a little
>> embarrassed (especially as a developer) if all we have is "it's too
>> hard".
>>
>> -will
>>


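The trade-off discussed in this thread, as an added example that is not part of any message: a signature over the exact octets (the Simple Sign approach) needs no canonicalization but stops verifying once the XML is re-serialized, while a signature over the canonical form survives re-serialization. Assumptions: HMAC-SHA256 stands in for the public-key signature, Python's standard-library C14N 2.0 stands in for whichever canonicalization an XML DSig profile would name, and the documents, namespace and key are constructed.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed sample: the same XRD-like document serialized two ways
# (attribute order, quote style, empty-element form). Namespace is a placeholder.
DOC_A = b'<XRD xmlns="urn:example:xrd"><Link rel="describedby" href="http://example.com/meta"/></XRD>'
DOC_B = b"<XRD xmlns='urn:example:xrd'><Link href='http://example.com/meta'  rel='describedby'></Link></XRD>"

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the RSA signature


def sign_octets(octets: bytes) -> bytes:
    """Simple-Sign style: the signature covers the exact bytes on the wire."""
    return hmac.new(KEY, octets, hashlib.sha256).digest()


def verify_octets(octets: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_octets(octets), sig)


def sign_canonical(octets: bytes) -> bytes:
    """XML DSig style: canonicalize first, then sign the canonical form."""
    canonical = canonicalize(octets.decode("utf-8")).encode("utf-8")
    return hmac.new(KEY, canonical, hashlib.sha256).digest()


def verify_canonical(octets: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_canonical(octets), sig)


def compare() -> dict:
    """Sign DOC_A both ways, then verify against DOC_A and the re-serialized DOC_B."""
    sig_raw = sign_octets(DOC_A)
    sig_c14n = sign_canonical(DOC_A)
    return {
        "raw_same_bytes": verify_octets(DOC_A, sig_raw),
        "raw_reserialized": verify_octets(DOC_B, sig_raw),
        "c14n_same_bytes": verify_canonical(DOC_A, sig_c14n),
        "c14n_reserialized": verify_canonical(DOC_B, sig_c14n),
    }


if __name__ == "__main__":
    for case, ok in compare().items():
        print(f"{case:18} verifies={ok}")
```

The octet signature is only safe when every hop passes the document through byte-for-byte; the canonical signature tolerates re-serialization at the cost of every implementation agreeing on the canonicalization output.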
