Use of URIs rather than enums in C++ library

[Berin Lautenbach <be...@wingsofhermes.org>]

Peoples,

I have done some work to implement an algorithm mapper for the signature 
and digest algorithms in the C++ library.  As part of this, I have 
implemented new methods that allow callers to create new signatures or 
references using URIs rather than the current enumerated type.   This is 
for two reasons

1.  The algorithm mapper makes the library more extensible - you can 
implement a new algorithm (with associated URI) and register it with the 
library.  Thus the library does not have to know about a particular 
algorithm for it to be useable.

2.  The enumerated types become a bit more hidden to callers - you don't 
need to know the algorithm enum, you just have to pass in the standard URI.

The reason for the e-mail - I'm going to check all this in later in the 
week.  I've marked the old signature and reference creation calls (using 
enums) as deprecated, as it was probably a bad idea to go down that path 
in the first place.

But does anyone feel they (the enum based creation calls) should be left 
in-perpetuity?  (They won't be removed quickly, but they will eventually 
disappear.)

Cheers,
	Berin

RE: Use of URIs rather than enums in C++ library

[Scott Cantor <ca...@osu.edu>]

> I'm afraid that we are going to have the same discussin with java
> library(and bigger).

Really? I thought the Java library already used URIs. I'm using them now...

> Perhaps it is time to decide a little policy for this thing. I'd like
> Scott recomendation...
> What othe people think?

My main concern was just to get support for URIs into the C++ library, but I
don't feel that strongly about when the enums are dropped.

I'll have to code for both for a while anyway and I already implemented my
own mapping layer to handle it.

-- Scott

Re: Use of URIs rather than enums in C++ library

[Raul Benito <ra...@gmail.com>]

I'm afraid that we are going to have the same discussin with java
library(and bigger).
Perhaps it is time to decide a little policy for this thing. I'd like
Scott recomendation...
What othe people think?



On 7/4/05, Scott Cantor <ca...@osu.edu> wrote:
> > But does anyone feel they (the enum based creation calls) should be left
> > in-perpetuity?  (They won't be removed quickly, but they will eventually
> > disappear.)
> 
> I'd expect them to be deprecated for one major release (1.3?) and then
> potentially dropped afterward.
> 
> -- Scott
> 
> 


-- 
http://r-bg.com

Re: Use of URIs rather than enums in C++ library

[Berin Lautenbach <be...@wingsofhermes.org>]

Scott Cantor wrote:
>>But does anyone feel they (the enum based creation calls) should be left 
>>in-perpetuity?  (They won't be removed quickly, but they will eventually 
>>disappear.)
> 
> 
> I'd expect them to be deprecated for one major release (1.3?) and then
> potentially dropped afterward.

I was thinking something similar, but maybe wait until a 2.0 release 
before removal.  To me a "dot" release should be backwards compatible 
from an API perspective, to break things it should be a major rev 
change.  But am happy to go with majority thinking :>.

Either way - will check in tonight with "old" methods marked as deprecated.

Cheers,
	Berin

RE: Use of URIs rather than enums in C++ library

[Scott Cantor <ca...@osu.edu>]

> But does anyone feel they (the enum based creation calls) should be left 
> in-perpetuity?  (They won't be removed quickly, but they will eventually 
> disappear.)

I'd expect them to be deprecated for one major release (1.3?) and then
potentially dropped afterward.

-- Scott

Re: Signing only a few nodes, not the whole document

[Berin Lautenbach <be...@wingsofhermes.org>]

Peter.Nordlund@elekta.com wrote:
> I want to sign only some nodes in my document.
> As I understand it, this can be made with an id-attribute.
> This is not really the way I want to do it.
> If I got it right, it should be possible to do something like this if I
> want to sign all creditCardNo nodes:
> 
> DSIGReference* ref =
> sig->createReference(MAKE_UNICODE_STRING("#xpointer(//creditCardNo)"));
> 
> which now results in the following error:
> => Message: Unsupported Xpointer expression found

The xpointer support is not that complex.  The standard requires support
for barename Xpointer URIs ("#id") and recommends support for
#xpointer("/") and $xpointer(id("id")).

So you either need to use an Id (the common way to do it) or use an
XPath transform to select the nodes you want to use.

Cheers,
	Berin

Signing only a few nodes, not the whole document

[Pe...@elekta.com]

Hi all,

I'm a newbie and I don't have much knowledge about xml-security yet....

I want to sign only some nodes in my document.
As I understand it, this can be made with an id-attribute.
This is not really the way I want to do it.
If I got it right, it should be possible to do something like this if I
want to sign all creditCardNo nodes:

DSIGReference* ref =
sig->createReference(MAKE_UNICODE_STRING("#xpointer(//creditCardNo)"));

which now results in the following error:
=> Message: Unsupported Xpointer expression found

or

DSIGReference* ref =
sig->createReference(MAKE_UNICODE_STRING("//creditCardNo"));
=> Exception message:The URL used an unsupported protocol

None of my approaches work. Did I do wrong, or is this feature not
implemented?

Now, is this the same problem as Berin discusses in his post from
2005-07-14?
(See below.)

If anyone has a code samles with signing only a few nodes in a document I
would appreciate
if I could get such an example.


Moreover, On my wish list for the 1.3 release is a few more samples that
are a bit more advanced in the distro.


Best regards and thanks a lot for all good work done so far!
Peter



                                                                           
             Berin Lautenbach                                              
             <berin@wingsofher                                             
             mes.org>                                                   To 
                                       security-dev@xml.apache.org         
             2005-07-04 14:34                                           cc 
                                                                           
                                                                   Subject 
             Please respond to         Use of URIs rather than enums in    
             security-dev@xml.         C++ library                         
                apache.org                                                 
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




Peoples,

I have done some work to implement an algorithm mapper for the signature
and digest algorithms in the C++ library.  As part of this, I have
implemented new methods that allow callers to create new signatures or
references using URIs rather than the current enumerated type.   This is
for two reasons

....

             Berin





*******************Internet Email Confidentiality Footer*******************
The contents of this e-mail message (including any attachments hereto) are
confidential to and are intended to be conveyed for the use of the
recipient to whom it is addressed only. If you receive this transmission in
error, please notify the sender of this immediately and delete the message
from your system. Any distribution, reproduction or use of this message by
someone other than recipient is not authorized and may be unlawful.