W3C home > Mailing lists > Public > xproc-dev@w3.org > May 2010

Re: EXProc proposal: pxp:hmac-sha1 (and pxp:hmac-md5)

From: James Fuller <james.fuller.2007@gmail.com>
Date: Tue, 18 May 2010 09:44:07 +0200
Message-ID: <AANLkTimzoN-zTQhkaSoLDIZPcn-hiKM2v0eXCek12hVF@mail.gmail.com>
To: Toman_Vojtech@emc.com
Cc: xproc-dev@w3.org
On Tue, May 18, 2010 at 9:34 AM,  <Toman_Vojtech@emc.com> wrote:
> Hello,
> I was trying to implement some basic support for OAuth in XProc today
> and realized that with standard XProc, this is impossible to do. The
> main reason is that at some point in the OAuth flow, the (XProc) client
> needs to sign data using HMAC-SHA1 - but there is no such functionality
> in XProc. We already have the p:hash step, but that one is not
> sufficient for implementing HMAC-SHA1 (or HMAC-MD5) in XProc, so I think
> a new step is required for this task.

I agree this func is needed and it would be best to come with a common approach

I would stump up for just defining exproc:hmac-sha1 on the algorithm
option on existing p:hash instread of a new step? Afterall it is
defined as a Qname ... which does make me think of what namespace the
existing options are in ;)


> I am not talking about XML Signature here which is a whole another can
> of worms; I just want to be able to sign simple strings.
> Of course, I could implement a custom step for this, but since I think
> signing data is a quite common task, perhaps adding one or more
> signature-related steps in EXProc would be a better idea.
> What do others think?
> Regards,
> Vojtech
> --
> Vojtech Toman
> Principal Software Engineer
> EMC Corporation
> toman_vojtech@emc.com
> http://developer.emc.com/xmltech
Received on Tuesday, 18 May 2010 07:51:09 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:06 UTC