W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2003

RIF: How much XML Signature is mature?

From: Gino Tesei <gino.tesei@ekar.it>
Date: Tue, 21 Oct 2003 21:47:27 +0200
Message-ID: <F95FCBD3427A2C48B8704C734F26119E37C4B1@mail.ekar.it>
To: "Don Park" <donpark@docuverse.com>, <w3c-ietf-xmldsig@w3.org> 
Thank you for your answer. Don.
 
>Timeline might be a little longer than six months, but direct hardware
>support for 3D-Secure is coming.  For example, a chip that can parse,
>encrypt, decrypt, canonicalize, sign, and validate XML would be very useful
>as well as marketable since the market has started to realize that
>XML/Crypto combo throw a wrench into Google-like approaches to scalability.

 
These were  also my fears. Unfortunately, delivering innovation means sometimes starting without a clear de facto standard; other times, without a de iure one. 
 
Gino

	-----Messaggio originale----- 
	Da: Don Park [mailto:donpark@docuverse.com] 
	Inviato: dom 19/10/2003 0.49 
	A: 'Rich Salz'; Gino Tesei; w3c-ietf-xmldsig@w3.org 
	Cc: 
	Oggetto: RE: How much XML Signature is mature?
	
	

	> XML DSIG is being used in the real world for real financial
	> transactions.  For example RouteOne is doing online auto loan
	
	I would say 3D-Secure is a prime example of widely used protocol based on
	XML-Signature.  Since 3D-Secure is all about credit-card processing, you
	might want to take a look at it.  One can extend 3D-Secure to support the
	kind of transaction you described.
	
	> What's your opinion about such issues? What's new in six months?
	
	Timeline might be a little longer than six months, but direct hardware
	support for 3D-Secure is coming.  For example, a chip that can parse,
	encrypt, decrypt, canonicalize, sign, and validate XML would be very useful
	as well as marketable since the market has started to realize that
	XML/Crypto combo throw a wrench into Google-like approaches to scalability.
	
	Best,
	
	Don Park
	http://www.docuverse.com/

	http://www.docuverse.com/blog/donpark/

	
	> What's your opinion about such issues? What's new in six months?
	>
	> XML DSIG, as supported by WS-Security (i.e., signing SOAP messages)
	> is the way to go.  There are still security issues (implementation,
	> implications of canonicalization, etc.) that will need some analysis
	> on your side.  In six months, toolkits will be widespread, companies
	> like mine will be more popular, and WS-I will have a draft profile
	> that offers solid interop guidance on WS-Security and XML DSIG.
	> Also, in the greater Boston area it will be cloudy with a chance
	> of rain and temperatures around 68 Fahrenheit. :)
	>
	> Hope this helps.
	>         /r$
	> --
	> Rich Salz                  Chief Security Architect
	> DataPower Technology       http://www.datapower.com

	> XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html

	> XML Security Overview
	> http://www.datapower.com/xmldev/xmlsecurity.html
Received on Tuesday, 21 October 2003 15:50:05 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:17 GMT