You are viewing a plain text version of this content. The canonical link for it is here.
Posted to xmlbeans-dev@xml.apache.org by David Remy <dr...@bea.com> on 2004/06/30 19:04:24 UTC
xmlbeans xml security
David (Waite),
I got the chance to meet with Noah Campbell for dinner Mon night at
JavaOne and he expressed an interest in contributing in the are of xml
security. I wonder if we should start a sandbox in cvs with a security
directory that we could use to start experimenting on xml security over
xmlbeans. Unless someone has an issue with that I will go ahead and do
it (specifically under xml-xmlbeans create a subdirectory called sandbox
and then a security directory under it).
Perhaps we should get started on an XML Sig implementation and see what
hurdles we run into. I *believe* at some point we are going to want an
option on the xml store to keep things in the store canonically so that
the big c14n copy to create and validate signatures can be avoided. In
the meantime though we could get started and therefore define any
requirements that the store might get.
It only makes sense to have a security implementation in xmlbeans if we
can take advantage of the xml store to improve efficiency, otherwise we
should leave it to apache xml sec ...
rem
- ---------------------------------------------------------------------
To unsubscribe, e-mail: xmlbeans-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
Re: xmlbeans xml security
Posted by Ted Leung <tw...@sauria.com>.
David,
There is already an XML Security project at xml.apache.org. Is there
any
chance of combining efforts with those folks on this?
Ted
On Jun 30, 2004, at 10:04 AM, David Remy wrote:
> David (Waite),
> I got the chance to meet with Noah Campbell for dinner Mon night at
> JavaOne and he expressed an interest in contributing in the are of xml
> security. I wonder if we should start a sandbox in cvs with a security
> directory that we could use to start experimenting on xml security over
> xmlbeans. Unless someone has an issue with that I will go ahead and do
> it (specifically under xml-xmlbeans create a subdirectory called
> sandbox
> and then a security directory under it).
>
> Perhaps we should get started on an XML Sig implementation and see what
> hurdles we run into. I *believe* at some point we are going to want an
> option on the xml store to keep things in the store canonically so that
> the big c14n copy to create and validate signatures can be avoided. In
> the meantime though we could get started and therefore define any
> requirements that the store might get.
>
> It only makes sense to have a security implementation in xmlbeans if we
> can take advantage of the xml store to improve efficiency, otherwise we
> should leave it to apache xml sec ...
>
> rem
>
> - ---------------------------------------------------------------------
> To unsubscribe, e-mail: xmlbeans-dev-unsubscribe@xml.apache.org
> For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
> Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
>
----
Ted Leung Blog: <http://www.sauria.com/blog>
PGP Fingerprint: 1003 7870 251F FA71 A59A CEE3 BEBA 2B87 F5FC 4B42
- ---------------------------------------------------------------------
To unsubscribe, e-mail: xmlbeans-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
Re: xmlbeans xml security
Posted by Noah Campbell <no...@gmail.com>.
I assume that Dave Remy wrote the original message?
In regards to the netstore2...Since I wasn't around when it was
written I'm a bit of a disadvantage as to how it works. This will
provide an excellent way to get up to speed on how it works.
I was also told that it was being moved back to newstore. Is there an
ETA on with this complete so we're not struggling against an code
migration.
Thanks
Noah
On Wed, 30 Jun 2004 13:37:01 -0600, David Waite <ma...@akuma.org> wrote:
>
> On Jun 30, 2004, at 11:04 AM, David Remy wrote:
>
> > David (Waite),
> > I got the chance to meet with Noah Campbell for dinner Mon night at
> > JavaOne and he expressed an interest in contributing in the are of xml
> > security. I wonder if we should start a sandbox in cvs with a security
> > directory that we could use to start experimenting on xml security over
> > xmlbeans. Unless someone has an issue with that I will go ahead and do
> > it (specifically under xml-xmlbeans create a subdirectory called
> > sandbox
> > and then a security directory under it).
>
> This sounds good to me, although I would suggest we try to structure
> the sandbox so that we can keep up-to-date with v2 as easily as
> possible. In particular, it would be nice to branch newstore2 if we are
> adding options for c14n.
>
> > Perhaps we should get started on an XML Sig implementation and see what
> > hurdles we run into. I *believe* at some point we are going to want an
> > option on the xml store to keep things in the store canonically so that
> > the big c14n copy to create and validate signatures can be avoided. In
> > the meantime though we could get started and therefore define any
> > requirements that the store might get.
>
> My understanding is that there is no true 'canonical form', since
> canonicalization is just part of the transformation chain, and
> canonicalization (especially exclusive canonicalization) can differ
> based on the starting reference point(s). I think the approach should
> be either to create a new store, or add options on the existing store,
> to make creation of the canonicalized format as efficient as possible.
>
> >
> > It only makes sense to have a security implementation in xmlbeans if we
> > can take advantage of the xml store to improve efficiency, otherwise we
> > should leave it to apache xml sec ...
>
> We probably should cannibalize as much of xmlsec as possible within the
> sandbox while experimenting, then figure out how to integrate with it
> as a separate project before leaving the sandbox.
>
> -David Waite
>
> - ---------------------------------------------------------------------
> To unsubscribe, e-mail: xmlbeans-dev-unsubscribe@xml.apache.org
> For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
> Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
>
>
- ---------------------------------------------------------------------
To unsubscribe, e-mail: xmlbeans-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
Re: xmlbeans xml security
Posted by Noah Campbell <no...@gmail.com>.
I assume that Dave Remy wrote the original message?
In regards to the netstore2...Since I wasn't around when it was
written I'm a bit of a disadvantage as to how it works. This will
provide an excellent way to get up to speed on how it works.
I was also told that it was being moved back to newstore. Is there an
ETA on with this complete so we're not struggling against an code
migration.
Thanks
Noah
On Wed, 30 Jun 2004 13:37:01 -0600, David Waite <ma...@akuma.org> wrote:
>
> On Jun 30, 2004, at 11:04 AM, David Remy wrote:
>
> > David (Waite),
> > I got the chance to meet with Noah Campbell for dinner Mon night at
> > JavaOne and he expressed an interest in contributing in the are of xml
> > security. I wonder if we should start a sandbox in cvs with a security
> > directory that we could use to start experimenting on xml security over
> > xmlbeans. Unless someone has an issue with that I will go ahead and do
> > it (specifically under xml-xmlbeans create a subdirectory called
> > sandbox
> > and then a security directory under it).
>
> This sounds good to me, although I would suggest we try to structure
> the sandbox so that we can keep up-to-date with v2 as easily as
> possible. In particular, it would be nice to branch newstore2 if we are
> adding options for c14n.
>
> > Perhaps we should get started on an XML Sig implementation and see what
> > hurdles we run into. I *believe* at some point we are going to want an
> > option on the xml store to keep things in the store canonically so that
> > the big c14n copy to create and validate signatures can be avoided. In
> > the meantime though we could get started and therefore define any
> > requirements that the store might get.
>
> My understanding is that there is no true 'canonical form', since
> canonicalization is just part of the transformation chain, and
> canonicalization (especially exclusive canonicalization) can differ
> based on the starting reference point(s). I think the approach should
> be either to create a new store, or add options on the existing store,
> to make creation of the canonicalized format as efficient as possible.
>
> >
> > It only makes sense to have a security implementation in xmlbeans if we
> > can take advantage of the xml store to improve efficiency, otherwise we
> > should leave it to apache xml sec ...
>
> We probably should cannibalize as much of xmlsec as possible within the
> sandbox while experimenting, then figure out how to integrate with it
> as a separate project before leaving the sandbox.
>
> -David Waite
>
> - ---------------------------------------------------------------------
> To unsubscribe, e-mail: xmlbeans-dev-unsubscribe@xml.apache.org
> For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
> Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
>
>
- ---------------------------------------------------------------------
To unsubscribe, e-mail: xmlbeans-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
Re: xmlbeans xml security
Posted by David Waite <ma...@akuma.org>.
On Jun 30, 2004, at 11:04 AM, David Remy wrote:
> David (Waite),
> I got the chance to meet with Noah Campbell for dinner Mon night at
> JavaOne and he expressed an interest in contributing in the are of xml
> security. I wonder if we should start a sandbox in cvs with a security
> directory that we could use to start experimenting on xml security over
> xmlbeans. Unless someone has an issue with that I will go ahead and do
> it (specifically under xml-xmlbeans create a subdirectory called
> sandbox
> and then a security directory under it).
This sounds good to me, although I would suggest we try to structure
the sandbox so that we can keep up-to-date with v2 as easily as
possible. In particular, it would be nice to branch newstore2 if we are
adding options for c14n.
> Perhaps we should get started on an XML Sig implementation and see what
> hurdles we run into. I *believe* at some point we are going to want an
> option on the xml store to keep things in the store canonically so that
> the big c14n copy to create and validate signatures can be avoided. In
> the meantime though we could get started and therefore define any
> requirements that the store might get.
My understanding is that there is no true 'canonical form', since
canonicalization is just part of the transformation chain, and
canonicalization (especially exclusive canonicalization) can differ
based on the starting reference point(s). I think the approach should
be either to create a new store, or add options on the existing store,
to make creation of the canonicalized format as efficient as possible.
>
> It only makes sense to have a security implementation in xmlbeans if we
> can take advantage of the xml store to improve efficiency, otherwise we
> should leave it to apache xml sec ...
We probably should cannibalize as much of xmlsec as possible within the
sandbox while experimenting, then figure out how to integrate with it
as a separate project before leaving the sandbox.
-David Waite
- ---------------------------------------------------------------------
To unsubscribe, e-mail: xmlbeans-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
Re: xmlbeans xml security
Posted by David Waite <ma...@akuma.org>.
On Jun 30, 2004, at 11:04 AM, David Remy wrote:
> David (Waite),
> I got the chance to meet with Noah Campbell for dinner Mon night at
> JavaOne and he expressed an interest in contributing in the are of xml
> security. I wonder if we should start a sandbox in cvs with a security
> directory that we could use to start experimenting on xml security over
> xmlbeans. Unless someone has an issue with that I will go ahead and do
> it (specifically under xml-xmlbeans create a subdirectory called
> sandbox
> and then a security directory under it).
This sounds good to me, although I would suggest we try to structure
the sandbox so that we can keep up-to-date with v2 as easily as
possible. In particular, it would be nice to branch newstore2 if we are
adding options for c14n.
> Perhaps we should get started on an XML Sig implementation and see what
> hurdles we run into. I *believe* at some point we are going to want an
> option on the xml store to keep things in the store canonically so that
> the big c14n copy to create and validate signatures can be avoided. In
> the meantime though we could get started and therefore define any
> requirements that the store might get.
My understanding is that there is no true 'canonical form', since
canonicalization is just part of the transformation chain, and
canonicalization (especially exclusive canonicalization) can differ
based on the starting reference point(s). I think the approach should
be either to create a new store, or add options on the existing store,
to make creation of the canonicalized format as efficient as possible.
>
> It only makes sense to have a security implementation in xmlbeans if we
> can take advantage of the xml store to improve efficiency, otherwise we
> should leave it to apache xml sec ...
We probably should cannibalize as much of xmlsec as possible within the
sandbox while experimenting, then figure out how to integrate with it
as a separate project before leaving the sandbox.
-David Waite
- ---------------------------------------------------------------------
To unsubscribe, e-mail: xmlbeans-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
Re: xmlbeans xml security
Posted by Ted Leung <tw...@sauria.com>.
David,
There is already an XML Security project at xml.apache.org. Is there
any
chance of combining efforts with those folks on this?
Ted
On Jun 30, 2004, at 10:04 AM, David Remy wrote:
> David (Waite),
> I got the chance to meet with Noah Campbell for dinner Mon night at
> JavaOne and he expressed an interest in contributing in the are of xml
> security. I wonder if we should start a sandbox in cvs with a security
> directory that we could use to start experimenting on xml security over
> xmlbeans. Unless someone has an issue with that I will go ahead and do
> it (specifically under xml-xmlbeans create a subdirectory called
> sandbox
> and then a security directory under it).
>
> Perhaps we should get started on an XML Sig implementation and see what
> hurdles we run into. I *believe* at some point we are going to want an
> option on the xml store to keep things in the store canonically so that
> the big c14n copy to create and validate signatures can be avoided. In
> the meantime though we could get started and therefore define any
> requirements that the store might get.
>
> It only makes sense to have a security implementation in xmlbeans if we
> can take advantage of the xml store to improve efficiency, otherwise we
> should leave it to apache xml sec ...
>
> rem
>
> - ---------------------------------------------------------------------
> To unsubscribe, e-mail: xmlbeans-dev-unsubscribe@xml.apache.org
> For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
> Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
>
----
Ted Leung Blog: <http://www.sauria.com/blog>
PGP Fingerprint: 1003 7870 251F FA71 A59A CEE3 BEBA 2B87 F5FC 4B42
- ---------------------------------------------------------------------
To unsubscribe, e-mail: xmlbeans-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/