I am pretty sure we support all of the MUST/SHOULD requirements in the
XML Signature 1.1 specification. If not, it should be treated as a bug.
--Sean
On 12/10/2015 10:00 AM, Cantor, Scott wrote:
On 12/10/15, 9:45 AM, "Pellerin, Clement" <[email protected]> wrote:
I asked the same question about XMLDSig 2.0 years ago.
Santuario responded they will never implement XMLDSig 2.0 since the object
model is incompatible.
2.0 was just a proposal that was abandoned out of lack of interest from
implementers. Concretely it had some small wins but did nothing to address the
primary issues that led people to abandon XML so wouldn't have helped anything.
The Santuario 1.5.3 release notes mention:
This release features support for new XML Signature 1.1 KeyInfo extensions.
Yes, some of that work was done by my project and donated.
Is the goal of Santuario to support all of XMLDSig 1.1 and XMLEnc 1.1?
How far are we in that project?
I'm fairly certain most of XMLEnc 1.1 isn't, seeing as ECDH was the major
change there and it isn't supported AFAIK. GCM is, but hasn't seen much testing
since Java 8 is the first version to include it.
I doubt there's a lot of XMLSig 1.1 that isn't already done.
-- Scott
