Posted to dev@santuario.apache.org by Martin Ravell <xm...@rave-tech.com.au> on 2005/07/01 00:27:56 UTC

RE: Enveloped suggestions

Thanks for the pointer Scott. I'll take another look at the reference
implementation.

I'm kind of interested in the Apache security stuff now and my question on
which of the samples to focus on still stands. Can you (or anyone out there
on the list) suggest a tutorial or even just which of the samples best
covers the process of creating an enveloped signature and then validating it?


Thanks
Marty



-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu] 
Sent: Friday, 1 July 2005 12:58 AM
To: security-dev@xml.apache.org
Subject: RE: Enveloped suggestions

> I had also looked at the reference implementation that ships with the JWSDP
> 1.5 but had problems in being able to specify a particular element via URI.
> The sample given seems to specify the whole document with a "" blank String
> but when I try a relative URI (#elementname) it falls on its arse.

You can't specify an element in a fragment by name, only by ID. Which has
its own set of endless problems since IDs are technically only legal in the
presence of a DTD, so there are endless hacks to try and establish what
attributes are IDs and they all require knowing ahead of time what's been
signed.

-- Scott



RE: Enveloped suggestions

Posted by Martin Ravell <xm...@rave-tech.com.au>.
Just had a crack at using the id and it seems to work. Given that my app is
building the XML to begin with I think I can live with the limitations you
mentioned.

I notice that the reference samples (JWSDP 1.5) seem to ignore the
canonicalization process on both the signing and verification processes. (I
tested removing some whitespace and wondered why it would not verify until I
took a closer look at the code).

So I guess I'm still interested in which of the Apache samples fits best
(and does canonicalization properly).



Regards
Marty

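
The points raised in this thread (a same-document reference by ID, the application having to declare which attribute is an ID, and canonicalization as part of signing and validation) can be seen together in the following added example. It is not taken from the JWSDP or Apache samples; it uses the JDK's `javax.xml.crypto.dsig` (JSR 105) API on JDK 11 or later, and the document, the `order` element, the `Id` attribute name and the throwaway RSA key are all constructed for illustration.

```java
import java.io.*;
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class EnvelopedById {
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");
    static Document parse(String xml, boolean registerId) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document d = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        // No DTD here, so the parser does not know "Id" is an ID; the application says so.
        if (registerId) ((Element) d.getElementsByTagName("order").item(0)).setIdAttribute("Id", true);
        return d;
    }
    static boolean verify(Document d, PublicKey key) throws Exception {
        Node sig = d.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(key, sig);
        try { return F.unmarshalXMLSignature(ctx).validate(ctx); }
        catch (XMLSignatureException e) { return false; } // "#o1" did not resolve to an element
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // throwaway key for the demo
        Document doc = parse("<doc><order Id=\"o1\"><item>widget</item></order></doc>", true); // constructed sample
        // Reference by ID, with the enveloped transform followed by exclusive C14N.
        Reference ref = F.newReference("#o1", F.newDigestMethod(DigestMethod.SHA256, null),
            List.of(F.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                    F.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)), null, null);
        SignedInfo si = F.newSignedInfo(
            F.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            F.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), List.of(ref));
        // The Signature becomes a child of <order>, so it is enveloped by the element it references.
        Element order = (Element) doc.getElementsByTagName("order").item(0);
        F.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), order));
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(out));
        // Re-parse the serialized document, as a separate verifier would, with and without the ID registration.
        System.out.println("ID registered:     " + verify(parse(out.toString(), true), kp.getPublic()));
        System.out.println("ID not registered: " + verify(parse(out.toString(), false), kp.getPublic()));
    }
}
```

The verifier re-parses the serialized document, so it has to repeat the ID registration itself; that is the "knowing ahead of time what's been signed" requirement from the reply above.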