RIF: How much XML Signature is mature? from Gino Tesei on 2003-10-21 (w3c-ietf-xmldsig@w3.org from October to December 2003)

From: Gino Tesei <gino.tesei@ekar.it>
Date: Tue, 21 Oct 2003 21:47:27 +0200
To: "Don Park" <donpark@docuverse.com>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <F95FCBD3427A2C48B8704C734F26119E37C4B1@mail.ekar.it>

Thank you for your answer. Don.
 
>Timeline might be a little longer than six months, but direct hardware
>support for 3D-Secure is coming.  For example, a chip that can parse,
>encrypt, decrypt, canonicalize, sign, and validate XML would be very useful
>as well as marketable since the market has started to realize that
>XML/Crypto combo throw a wrench into Google-like approaches to scalability.

 
These were  also my fears. Unfortunately, delivering innovation means sometimes starting without a clear de facto standard; other times, without a de iure one. 
 
Gino

 -----Messaggio originale----- 
 Da: Don Park [mailto:donpark@docuverse.com] 
 Inviato: dom 19/10/2003 0.49 
 A: 'Rich Salz'; Gino Tesei; w3c-ietf-xmldsig@w3.org 
 Cc: 
 Oggetto: RE: How much XML Signature is mature?
 
 

 > XML DSIG is being used in the real world for real financial
 > transactions.  For example RouteOne is doing online auto loan
 
 I would say 3D-Secure is a prime example of widely used protocol based on
 XML-Signature.  Since 3D-Secure is all about credit-card processing, you
 might want to take a look at it.  One can extend 3D-Secure to support the
 kind of transaction you described.
 
 > What's your opinion about such issues? What's new in six months?
 
 Timeline might be a little longer than six months, but direct hardware
 support for 3D-Secure is coming.  For example, a chip that can parse,
 encrypt, decrypt, canonicalize, sign, and validate XML would be very useful
 as well as marketable since the market has started to realize that
 XML/Crypto combo throw a wrench into Google-like approaches to scalability.
 
 Best,
 
 Don Park
 http://www.docuverse.com/

 http://www.docuverse.com/blog/donpark/

 
 > What's your opinion about such issues? What's new in six months?
 >
 > XML DSIG, as supported by WS-Security (i.e., signing SOAP messages)
 > is the way to go.  There are still security issues (implementation,
 > implications of canonicalization, etc.) that will need some analysis
 > on your side.  In six months, toolkits will be widespread, companies
 > like mine will be more popular, and WS-I will have a draft profile
 > that offers solid interop guidance on WS-Security and XML DSIG.
 > Also, in the greater Boston area it will be cloudy with a chance
 > of rain and temperatures around 68 Fahrenheit. :)
 >
 > Hope this helps.
 >         /r$
 > --
 > Rich Salz                  Chief Security Architect
 > DataPower Technology       http://www.datapower.com

 > XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html

 > XML Security Overview
 > http://www.datapower.com/xmldev/xmlsecurity.html

Received on Tuesday, 21 October 2003 15:50:05 UTC