You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Raul Benito <ra...@apache.org> on 2006/10/30 13:10:41 UTC
apache java xml sec library release 1.4RC3 jar has been uploaded.
Hi I've uploaded a new jar of the 1.4RC3 to
http://people.apache.org/~raul/dist/xmlsec-1.4.RC3.jar . Please
download and test it. I hope this is the last RC and we can make a
final release soon.
Thanks to all the guys testing it.
Raul
Changelog:
New in 1.4RC3
Fixed bug 40796
New in 1.4RC2a
Fixed bug 40783
New in 1.4RC2
Fixed bug 40512. Made TransformSPI backward compatible. Now it is possible
to use implementations for the >1.3 versions paying the performance hit
of the old implementation.
Fix a small & unneeded java 1.4 dependecy.
KeyResolver & ResourceResolver can work like <1.3 mode when used
with old implementations.
--
http://r-bg.com
Re: apache java xml sec library release 1.4RC3 jar has been uploaded.
Posted by Sean Mullan <Se...@Sun.COM>.
Miroslav Nachev wrote:
>
>> If anyone else would like to see JSR 106 in JDK 7, please send me an
>> email with a few more details as to why it would be helpful, and your
>> company/organization name (if applicable).
> COSMOS Software Enterprises, Ltd.
> Sofia, Bulgaria
>
> It is not a problem to be used as external library, but is more useful
> if is part of JDK.
>
> Also I would like to tell you for some disadvantages in the existing
> XML Digital Signature included in JDK6. There are too many
> functionalities which exists in Apache XML Security and internal classes
> in JDK6, but doesn't exists in official JDK6 API. There are cases where
> if you start using internal classes which are not part of JDK XML
> Digital Signature but are part of Apache XML Security some clashes
> (conflicts) occur with classes with the same name which are from
> different package names.
We rename the Apache XML Security packages in the JDK to avoid these
type of issues, so I would be interested to know more about the problems
you are having.
> Also to retrieve more information from Certificates I use internal
> classes from JDK instead to use external libraries. Why these
> functionalities are hidden instead of to being put to official API?
Can you give me more specific examples of which classes you find useful.
> The last question is why is it not possible to generate version 3
> X509Certificates using JDK? That's why we have to use external libraries
> like OpenSSL and other.
Yes, certificate generation API/tools has been requested by other users,
and is something we would like to do and your feedback is important to
help justify it, so I will pass it on.
Thanks for the feedback. If others on this list have other security
features they would like to see in the JDK, please let me know. Also,
feel free to email me privately if you want as not everyone on this list
may be interested in this discussion.
Disclaimer: please note that due to resources, etc we will not be able
to accomodate all requests. Also, all Java SE platform features are
subject to JCP (Java Community Process) approval.
--Sean
Re: apache java xml sec library release 1.4RC3 jar has been uploaded.
Posted by Miroslav Nachev <mi...@space-comm.com>.
> If anyone else would like to see JSR 106 in JDK 7, please send me an
> email with a few more details as to why it would be helpful, and your
> company/organization name (if applicable).
COSMOS Software Enterprises, Ltd.
Sofia, Bulgaria
It is not a problem to be used as external library, but is more useful
if is part of JDK.
Also I would like to tell you for some disadvantages in the existing
XML Digital Signature included in JDK6. There are too many
functionalities which exists in Apache XML Security and internal classes
in JDK6, but doesn't exists in official JDK6 API. There are cases where
if you start using internal classes which are not part of JDK XML
Digital Signature but are part of Apache XML Security some clashes
(conflicts) occur with classes with the same name which are from
different package names.
Also to retrieve more information from Certificates I use internal
classes from JDK instead to use external libraries. Why these
functionalities are hidden instead of to being put to official API?
The last question is why is it not possible to generate version 3
X509Certificates using JDK? That's why we have to use external libraries
like OpenSSL and other.
Miro.
Sean Mullan wrote:
> Miroslav Nachev wrote:
>> Hi,
>>
>> This is very good, but why Encryption (XMLCipher, etc.) is not
>> included in JDK6?
>
> Hmm, well the Apache XML Encryption classes are not a standard Java SE
> API.
>
> Do you mean JSR 106 (the Java XML Digital Encryption APIs) [1] ? JSR
> 106 has not completed yet and was not part of JSR 270 [2] (the
> umbrella JSR for JDK 6), thus it was not possible for it to be
> included in JDK 6. Would you like to see it in JDK 7? Personally, I
> think it should be included in JDK 7 (because it fits with JSR 105
> which is included in JDK 6) but more input from the community would be
> valuable to help justify that.
>
> If anyone else would like to see JSR 106 in JDK 7, please send me an
> email with a few more details as to why it would be helpful, and your
> company/organization name (if applicable).
>
> Thanks,
> Sean
>
> [1] http://jcp.org/en/jsr/detail?id=106
> [2] http://jcp.org/en/jsr/detail?id=270
>
>
Re: apache java xml sec library release 1.4RC3 jar has been uploaded.
Posted by Sean Mullan <Se...@Sun.COM>.
Miroslav Nachev wrote:
> Hi,
>
> This is very good, but why Encryption (XMLCipher, etc.) is not included
> in JDK6?
Hmm, well the Apache XML Encryption classes are not a standard Java SE API.
Do you mean JSR 106 (the Java XML Digital Encryption APIs) [1] ? JSR 106
has not completed yet and was not part of JSR 270 [2] (the umbrella JSR
for JDK 6), thus it was not possible for it to be included in JDK 6.
Would you like to see it in JDK 7? Personally, I think it should be
included in JDK 7 (because it fits with JSR 105 which is included in JDK
6) but more input from the community would be valuable to help justify that.
If anyone else would like to see JSR 106 in JDK 7, please send me an
email with a few more details as to why it would be helpful, and your
company/organization name (if applicable).
Thanks,
Sean
[1] http://jcp.org/en/jsr/detail?id=106
[2] http://jcp.org/en/jsr/detail?id=270
Re: apache java xml sec library release 1.4RC3 jar has been uploaded.
Posted by Miroslav Nachev <mi...@space-comm.com>.
Hi,
This is very good, but why Encryption (XMLCipher, etc.) is not included
in JDK6?
Miro.
Raul Benito wrote:
> Hi I've uploaded a new jar of the 1.4RC3 to
> http://people.apache.org/~raul/dist/xmlsec-1.4.RC3.jar . Please
> download and test it. I hope this is the last RC and we can make a
> final release soon.
>
> Thanks to all the guys testing it.
>
> Raul
>
>
> Changelog:
>
> New in 1.4RC3
> Fixed bug 40796
>
> New in 1.4RC2a
> Fixed bug 40783
>
> New in 1.4RC2
> Fixed bug 40512. Made TransformSPI backward compatible. Now it is
> possible
> to use implementations for the >1.3 versions paying the
> performance hit
> of the old implementation.
> Fix a small & unneeded java 1.4 dependecy.
> KeyResolver & ResourceResolver can work like <1.3 mode when used
> with old implementations.
>