W3C home > Mailing lists > Public > xproc-dev@w3.org > May 2010

Re: EXProc proposal: pxp:hmac-sha1 (and pxp:hmac-md5)

From: James Fuller <james.fuller.2007@gmail.com>
Date: Tue, 18 May 2010 09:44:07 +0200
Message-ID: <AANLkTimzoN-zTQhkaSoLDIZPcn-hiKM2v0eXCek12hVF@mail.gmail.com>
To: Toman_Vojtech@emc.com
Cc: xproc-dev@w3.org
On Tue, May 18, 2010 at 9:34 AM,  <Toman_Vojtech@emc.com> wrote:
> Hello,
>
> I was trying to implement some basic support for OAuth in XProc today
> and realized that with standard XProc, this is impossible to do. The
> main reason is that at some point in the OAuth flow, the (XProc) client
> needs to sign data using HMAC-SHA1 - but there is no such functionality
> in XProc. We already have the p:hash step, but that one is not
> sufficient for implementing HMAC-SHA1 (or HMAC-MD5) in XProc, so I think
> a new step is required for this task.

I agree this func is needed and it would be best to come with a common approach

I would stump up for just defining exproc:hmac-sha1 on the algorithm
option on existing p:hash instread of a new step? Afterall it is
defined as a Qname ... which does make me think of what namespace the
existing options are in ;)

J

>
> I am not talking about XML Signature here which is a whole another can
> of worms; I just want to be able to sign simple strings.
>
> Of course, I could implement a custom step for this, but since I think
> signing data is a quite common task, perhaps adding one or more
> signature-related steps in EXProc would be a better idea.
>
> What do others think?
>
> Regards,
> Vojtech
>
> --
> Vojtech Toman
> Principal Software Engineer
> EMC Corporation
> toman_vojtech@emc.com
> http://developer.emc.com/xmltech
>
>
Received on Tuesday, 18 May 2010 07:51:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 18 May 2010 07:51:09 GMT