How much XML Signature is mature?

Hi all, 

I'm Gino Tesei and I'm new both this mailing list and XML Signature Technology. I'm sorry in advance for possible technical inaccuracies.

I'd like to have your opinions about the maturity of XML Signature Technology for real big projects with very strict legal reaquirements. Just two words to introduce a possible business scenario & some functional requirements. Let say that the "big" Bank (BB) want to publish a set of services (Web Services) for "smaller" (SS) banks, for a set of business reasons. For instance, in our SOA conceptual model a possible service can be Pay with Credit Card < in cc_num>. SS's customers have, hence, the possibility of paying with a their (normal) credit card, but SS don't communicate directly with Credit Card providers for all finer grained services to implement the above function (e.g. "is such a number a valid & correct CC card number?" or "is such a valid CC card number related to the given customer?"), but use BB as "a proxy" service provider. Obviously, such a service will be not free :) ... Now, in order to get the non-repudiation capability we have to handle signatures. Possible options are handling signatures at application level (e.g. using J2SE support) or using XML Signature. Both solutions can work but 

(Applic Level) developers have to write code by their hands to handle digests, signatures, certs, ... it's suitable having a self made framework ... new business partners have to agree to such a "self made standard", ...

(XML Signature) developers use a (Java?) implemetation of standard ... no a self made framework is required ... new business partners agree to XML Signature ... 

It's obvious that if XML Signature is mature enough (implementations robust, easy to use, integrated with IDEs or dev frameworks such as J2SE ... ) the latter is the best solution ... 

What's your opinion about such issues? What's new in six months? 

Thanks in advance. 

 

Gino Tesei

------------------------------------------------------------------- 
Gino Tesei 
Senior Consultant 
Ekar - Altran Group  

Via G. Modena, 10 - 20129 MILANO, ITALY 
Tel +39 027481191 - Fax: +39 027386847 
------------------------------------------------------------------- 

Received on Friday, 17 October 2003 08:13:29 UTC