We have started the development work of security feature before migrated to Apache.
In the former design, this feature include three parts: 1. document encryption/decryption; 2. document digital signature; 3. document fields protection, e.g. table and cell write protection. We have finish the work that: 1. Supply signature and manifest features to code generator plugin to support to generate element and attribute classes for security. For patch file and more information please reference this issue: https://issues.apache.org/jira/browse/ODFTOOLKIT-199; 2. Realized the document encryption/decryption function. For patch file and more information please reference this issue: https://issues.apache.org/jira/browse/ODFTOOLKIT-200; We need to continue work on the following issues: 1. docuemt digital signature. There are several problems to resolve. (1) Upgrade JDK support version to version 6. Java SE 6 supplies the implementation of JSR 105, the XML digital signature standard. If we use XML encryption and digital signature API of JDK 6, ODFDOM needs update JDK support version from 5 to 6. (2) Different from other xml file, such as content.xml, why documentsignatures.xml is not namespace aware? For example, "Signature" element, only the local name Signature, not including "ds" namespace. (3) Why Open Office generates three same content X509Certificate elements for X509Data in documentsignatures.xml? (4) How to generate XML ID datatype value? UDDI is too short... OpenOffice ID_003a00a40036005c0099001b004900a400960062003000c500f900e300af00f7 UDDI ID_79200773-ec61-43d5-b079-a26a081bfb08 2. cryptographic software export control. There is also a discussion in OpenOffice community, see: Request dev help: Info for required crypto export declaration http://mail-archives.apache.org/mod_mbox/incubator-ooo-dev/201108.mbox/%3cCAP-ksojaTvK1J3zr=Nx2a2B2WRVNNsZORhR7UaLz=swivtu...@mail.gmail.com%3e 3. realize document fields protection in Simple API. Please join the discussion and give your comments;) -- -Devin
