Re: Issues with XML Dig Sig and XML Canonicalization

On 12/02/10 3:54 PM, kuehne@trustable.de wrote:
> Hi all,
>
> our goal in the OASIS DSS group is make the living with DSig as easy as possible !

Nice.

> That's why we made a spec to easily access a crypto server component by webservice and forget about signature standards, algorithms, validity dates ...
>
> My company build a open sourced server implementation of the DSS spec and moreover we implemented the widget signature spec. And to make the programmer feel comfortable we added an ant task that takes the jar and applies the signature by calling the DSS server. The build process remains as usual, the developer can concentrate on wigdet functionality. Moreover the certificates are in a save place ( on the server ) and only the admnistrator has to care about expiry days. But that's his daily business, if there is SSL around.

Right.

> Yes, this smells a bit like "the tools will save us", but we are all using compilers day in and day out. I don't know how to write a compiler nevertheless I use them. So neither compilers nor signing facilities should to be a concern for the widget group !

We build specs so tools can be built.

> So just use what's there. And XMLDSig is there !

Right.

> Btw: We also got the J2SE code signing spec ( jar signing ) implemented. I don't think that's much better solution for widgets. It's just strange in other ways ...

It would be great to have your implementation included in the 
implementation report for this spec. We are hoping to begin creating a 
test suite soon. Would you be willing to submit results?

Received on Tuesday, 16 February 2010 14:03:03 UTC