- From: Don Park <donpark@docuverse.com>
- Date: Sat, 18 Oct 2003 15:49:55 -0700
- To: "'Rich Salz'" <rsalz@datapower.com>, <gino.tesei@ekar.it>, <w3c-ietf-xmldsig@w3.org>
> XML DSIG is being used in the real world for real financial > transactions. For example RouteOne is doing online auto loan I would say 3D-Secure is a prime example of widely used protocol based on XML-Signature. Since 3D-Secure is all about credit-card processing, you might want to take a look at it. One can extend 3D-Secure to support the kind of transaction you described. > What's your opinion about such issues? What's new in six months? Timeline might be a little longer than six months, but direct hardware support for 3D-Secure is coming. For example, a chip that can parse, encrypt, decrypt, canonicalize, sign, and validate XML would be very useful as well as marketable since the market has started to realize that XML/Crypto combo throw a wrench into Google-like approaches to scalability. Best, Don Park http://www.docuverse.com/ http://www.docuverse.com/blog/donpark/ > What's your opinion about such issues? What's new in six months? > > XML DSIG, as supported by WS-Security (i.e., signing SOAP messages) > is the way to go. There are still security issues (implementation, > implications of canonicalization, etc.) that will need some analysis > on your side. In six months, toolkits will be widespread, companies > like mine will be more popular, and WS-I will have a draft profile > that offers solid interop guidance on WS-Security and XML DSIG. > Also, in the greater Boston area it will be cloudy with a chance > of rain and temperatures around 68 Fahrenheit. :) > > Hope this helps. > /r$ > -- > Rich Salz Chief Security Architect > DataPower Technology http://www.datapower.com > XS40 XML Security Gateway http://www.datapower.com/products/xs40.html > XML Security Overview > http://www.datapower.com/xmldev/xmlsecurity.html
Received on Saturday, 18 October 2003 18:59:06 UTC