Hi Bill,
> Digital signatures would make DOM4J a must-have, and I don't think I'm
> speaking just for myself!
>
> One of the things we're looking at is an XML portal that works equally
> well
> on both http and email. (Allowing us to combine B2B with P2P.)Digital
> signatures would be a great addition.
>
> Bill
I agree. XML Signature is necessary whenever you want to establish secure
XML Messaging. That's necessary for ebXML (B2B) as you mentioned. Thus JCP
publish JaXM Specification for Public Review this month (at 15th) there's no more
time to loose to implement such a System. P2P will grow all the time and
exchanging singatured XML Documents could become very popular.
For First step we have to add Canonical XML to dom4j and then we have to
offer singature support. Unfortunatly the XML Encryption Draft isn't stable
right now so it makes now sence to implement that at the moment.
As Canonicalization describes how a document must be styled to be comparable
(and of course its element branches) I guess we have to add following for
Canonical Support:
1) CannonicalNormalizer stlyes a non-canonical document into Canonical form.
2) Optional a CanonicalReader that reads even normalized Documents and
throws a exception if the the document isn't in Canonical from.
3) Optinal a CannonicalWriter to serialize a non-canonical document into
Canonical form.
For XML Singature support we need a smal set of classes. For that we have to
make further security design decission. It's never a good plan for simpliy
adding security and leaving all backdoors (or even frontdoors open). Do we
build a own SPI for Hashing or will we use any JCE compliant libary for that? (I
don't like Suns implementation because it's to DES centric.). I suppose we
should choose SHA as Hashing alogrithm.
We should create a SingatureFactory allowing the user to sign Document
compnents or a entire document recrusivly (using vistor or something like that).
So that's all I have to say about this for now :0)
Bye
Toby
--
Machen Sie Ihr Hobby zu Geld bei unserem Partner 1&1!
http://profiseller.de/info/index.php3?ac=OM.PS.PS003K00596T0409a
--
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net
_______________________________________________
dom4j-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/dom4j-user
