W3C home > Mailing lists > Public > xproc-dev@w3.org > May 2010

EXProc proposal: pxp:hmac-sha1 (and pxp:hmac-md5)

From: <Toman_Vojtech@emc.com>
Date: Tue, 18 May 2010 03:34:42 -0400
Message-ID: <997C307BEB90984EBE935699389EC41C016F69A9@CORPUSMX70C.corp.emc.com>
To: <xproc-dev@w3.org>

I was trying to implement some basic support for OAuth in XProc today
and realized that with standard XProc, this is impossible to do. The
main reason is that at some point in the OAuth flow, the (XProc) client
needs to sign data using HMAC-SHA1 - but there is no such functionality
in XProc. We already have the p:hash step, but that one is not
sufficient for implementing HMAC-SHA1 (or HMAC-MD5) in XProc, so I think
a new step is required for this task.

I am not talking about XML Signature here which is a whole another can
of worms; I just want to be able to sign simple strings.

Of course, I could implement a custom step for this, but since I think
signing data is a quite common task, perhaps adding one or more
signature-related steps in EXProc would be a better idea. 

What do others think?


Vojtech Toman
Principal Software Engineer
EMC Corporation
Received on Tuesday, 18 May 2010 07:35:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:06 UTC