On 12/10/2015 10:13 AM, Pellerin, Clement wrote:
My project runs on Java 7.
Can it use all of XMLDSig 1.1 in Santuario, or parts of it require Java 8?
I think for the required parts, it should generally work fine JDK 7 and
up. One issue I can think of is that there are some internal JDK API
dependencies for parsing EC-based keys/signatures which may not be
available on all JDK implementations. I am hoping to clean this up and
eliminate these internal dependencies soon. Please file bugs if you find
things that don't work as expected, as some of this may be able to be
fixed in the Apache library and not require fixes in the underlying JDK.
--Sean
On December 10, 2015 10:00 AM, Scott Cantor wrote:
I asked the same question about XMLDSig 2.0 years ago.
Santuario responded they will never implement XMLDSig 2.0 since the object
model is incompatible.
2.0 was just a proposal that was abandoned out of lack of interest from
implementers. Concretely it had some small wins but did nothing to address the
primary issues that led people to abandon XML so wouldn't have helped anything.
The Santuario 1.5.3 release notes mention:
This release features support for new XML Signature 1.1 KeyInfo extensions.
Yes, some of that work was done by my project and donated.
Is the goal of Santuario to support all of XMLDSig 1.1 and XMLEnc 1.1?
How far are we in that project?
I'm fairly certain most of XMLEnc 1.1 isn't, seeing as ECDH was the major change
there and it isn't supported AFAIK. > GCM is, but hasn't seen much testing
since Java 8 is the first version to include it.
I doubt there's a lot of XMLSig 1.1 that isn't already done.
