cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colin Britton" <cbrit...@metatomix.com>
Subject Re: xml-signature
Date Sun, 17 Feb 2002 14:08:22 GMT
We looked a while ago at building a transformer based on the IBM XML
security suite, but the licence is a commercial one. It has some good
features...

Digital signature implementation based on "XML-Signature Syntax and
Processing" by W3C/IETF
XML encryption implementation based on "XML Encryption Syntax and
Processing" by W3C
XML Access Control Language and implementation
http://www.alphaworks.ibm.com/tech/xmlsecuritysuite

Does anyone know of a similar suite that is open source?

rgds
CB

----- Original Message -----
From: "Michael Hartle" <mhartle@hartle-klug.com>
To: <cocoon-dev@xml.apache.org>
Sent: Sunday, February 17, 2002 8:29 AM
Subject: Re: xml-signature


> Jason Foster wrote:
>
> > Now that the W3 has recommended xml-signature, does it make sense to
> > try and figure out how to incorporate it into the Cocoon pipeline model?
> > I've put a (very) little thought into this and I'm not sure what
> > approach makes the most sense.  For documents serialized as XML, then
> > a modification to the XMLSerializer should work.  For other
> > serializers where you can't easily add XML content, then my guess is
> > that you have to go "out of band".
> > Unfortunately the "definition" of a serializer is that it is the last
> > thing in a pipeline.  It isn't (I think) possible using the current
> > sitemap semantics to define something that takes place after the
> > serializer, which means calculating the signature of the generated
> > content is impossible.
> >
> > Does anyone else see value in this, and if so, how would you add this
> > functionality?
>
> What about a SigningTransformer and a VerifyingTransformer ? The
> SigningTransformer would then sign the referenced portions as the last
> transformer in a pipeline; the VerifyingTransformer would check the
> signatures as the first transformer, either passing the correct content
> through or somehow marking the content or signature as invalid. I hope I
> understood the spec correctly so far; I guess that the specification
> does not apply to other content than serialized XML.
>
> Best regards,
>
> Michael Hartle,
> Hartle & Klug GbR
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
> For additional commands, email: cocoon-dev-help@xml.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message