santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <>
Subject Re: Small milestone for genxdm-based port of Santuario - works with Axiom!
Date Thu, 28 Apr 2011 14:38:23 GMT
Hi Eric,

Apologies for not replying to you on this earlier. Congrats on the
achievement of getting everything working with Axiom. I have a couple
of questions....

1) Have you considered using DDOM? This is more interesting to me than
non-standard APIs such as gen-xdm/AXIOM/etc.

2) Are you going to create a build which is a port of the Apache XML
Security for Java 1.4.4 release? What is your release plan going
forwards in terms of tracking Santuario releases? Are you going to
pick up on the (fairly extensive) changes made on trunk? How will you
merge bug fixes to your code?

3) Have you considered whether it might be a good idea to submit this
project as a subproject of Apache Santuario?

4) There may potentially be trademark issues with the current name of
"santuario-genxdm" - I'll have to check on this.

Lastly, if you have come across any particularly inefficient code etc.
when doing the port, then I'd certainly be interested to hear about
it, as I'm doing some work in this area on the current trunk code.



On Thu, Apr 21, 2011 at 5:49 PM, Sean Mullan <> wrote:
> On 4/20/11 1:43 PM, Eric Johnson wrote:
>> A quick email to note an interesting milestone that we just achieved.
>> For those who missed my previous emails, over at Apache Extras [1], we've
>> been
>> working on the santuario-genxdm [2] project, which is a port of the
>> Santuario
>> project to work using GenXDM [3].
>> With our latest release of GenXDM, we introduced support for a new
>> "bridge" to
>> the Axiom [4] data model. That meant, in theory, that the santuario-genxdm
>> project could now work with three different data models - Axiom, DOM, and
>> our
>> reference implementation we call "Cx".
>> In practice, Axiom didn't quite work. One security test case was failing.
>> Yesterday, we fixed that bug, so the next release of GenXDM, coupled with
>> santuario-genxdm, means that you can encrypt, decrypt, sign, and
>> canonicalize
>> Axiom-based tree models with full compliance.
>> In any case, one reason for writing this post is that it seems like we've
>> passed
>> a crucial milestone, and ought to do an "official" build of
>> santuario-genxdm, so
>> that others don't have to grab the source to build it and play with it.
>> The trick is, the port really should be a drop-in replacement (plus the
>> requisite GenXDM JARs). We've attempted to maintain full API
>> compatibility.
>> Except that actual drop-in replacement would imply keeping the same names
>> as the
>> existing JARs. Not wanting to step on any toes, or pretend this release is
>> something it isn't, keeping the existing xml-security JAR file names seems
>> like
>> a bad idea. What name changes should I introduce?
> I agree that you should avoid using the existing xmlsec.jar name. But other
> than that, I don't have any specific recommendations, and I think the name
> is completely up to you.
> --Sean
>> -Eric.
>> [1]
>> [2]
>> [3]
>> [4]

View raw message