Anderson Jonathan wrote:
Many, many thanks Sean. You just settled quite a few discussions in my shop.

You're welcome.



A follow up question:

Slides presented at JavaOne referred to JSR 105 and 106 being included in J2SE 1.5. What does this imply, exactly?

105/106 were originally targeted for J2SE 1.5 but since then the release has been scaled back and this was one of the things that was dropped.

Are JSR 105 and 106 built around an SPI model like JCA/JCE are?

Yes, vendors will be able to plug in their own implementations.


Will there be a "reference implementation" of 105/106 included in the J2SE 1.5 distro?

There will be an RI but it won't be included in 1.5.


Or will we still need a 3rd party XML-Security toolkit like Apache XML-Security alongside J2SE 1.5, assuming that the toolkit has rolled out 105/106 compliance?

The choice of a 105/106 provider will be up to you, just as you choose to use different JCA/JCE providers.

I am sorry I can't give you many more details about the RI at this time. I hope to have more information about the 105 RI that I can share with you soon.

Thanks,
Sean


Thanks again, -Jon

-----Original Message-----
From: Sean Mullan [mailto:[EMAIL PROTECTED]
Sent: Friday, January 23, 2004 1:24 PM
To: [EMAIL PROTECTED]
Subject: Re: [Java] Newb question concerning XML-Sec JCE requirements


Anderson Jonathan wrote:


Hi everyone,

Apologies in advance for what is probably a rather naive question. Current distributions of Apache XML-Security contain no third party JCE, but all of the documentation points to using the latest versions of the Bouncy Castle JCE as the provider for XML-Security. I am dealing with clients that are hyper-sensitive to non-U.S. crypto implementations, and so I pose the question:

If I am using J2SE 1.4.2 (1.4.2_03, to be precise), does the default Sun provider that ships with 1.4.2 provide everything I need to use XML-Security to both sign and encrypt? I was initially suspicious of the SunJCE supporting SHA1withRSA (I am primarily concerned with XML-DSIG), but it appears to me that 1.4.2 SunJCE supports it just fine.

I would sincerely be grateful if someone could either confirm that the 1.4.2 SunJCE supports all of the Apache XML-Security use cases OR provide me with a list of use cases that require a third party JCE such as Bouncy Castle.


Sun's JCA/JCE provider in 1.4.2 should have everything you need for XML DSig and has almost everything you need for XML Enc. These are the exceptions:

- we don't support the XML Encryption Block Encryption Padding algorithm (ISO10126).
   This will be fixed in 1.5, a beta version of which will be available soon. As a
   workaround you might be able to do the padding/unpadding yourself.

- we don't support the XML Encryption RSA and RSA-OAEP key transport algorithms.
   Both of these will be supported in 1.5 (beta available soon).

--Sean
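
The check below is an added example, not code from this thread or from Apache XML-Security: it asks the JCA/JCE which installed provider, if any, serves the signature, padding and key transport algorithms discussed above. The class name and the mapping from XML algorithm names to JCA transformation strings are this example's assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import javax.crypto.Cipher;

// Hypothetical helper: reports which installed provider serves each
// algorithm that XML DSig / XML Enc needs, so gaps are visible per JRE.
public class XmlSecProviderCheck {

    // {JCA service, JCA transformation, XML Security use} (mapping assumed by this example)
    static final String[][] CHECKS = {
        {"Signature", "SHA1withRSA", "XML DSig rsa-sha1"},
        {"Cipher", "DESede/CBC/ISO10126Padding", "XML Enc tripledes-cbc block padding"},
        {"Cipher", "AES/CBC/ISO10126Padding", "XML Enc aes-cbc block padding"},
        {"Cipher", "RSA/ECB/PKCS1Padding", "XML Enc rsa-1_5 key transport"},
        {"Cipher", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", "XML Enc rsa-oaep-mgf1p key transport"},
    };

    // Returns the name of the provider that would serve the request,
    // or null when no installed provider supports it.
    static String resolve(String service, String transformation) {
        try {
            if (service.equals("Signature")) {
                return Signature.getInstance(transformation).getProvider().getName();
            }
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (GeneralSecurityException e) {
            // NoSuchAlgorithmException or NoSuchPaddingException: not available
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println("Installed providers, in preference order:");
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("  " + providers[i].getName());
        }
        System.out.println();
        for (int i = 0; i < CHECKS.length; i++) {
            String provider = resolve(CHECKS[i][0], CHECKS[i][1]);
            System.out.println((provider == null ? "MISSING " : "ok      ")
                + CHECKS[i][2] + " -> " + CHECKS[i][1]
                + (provider == null ? "" : " (served by " + provider + ")"));
        }
    }
}
```

Running it on the exact JRE a deployment uses shows whether a third-party provider is needed and, when several are installed, which one is actually selected for each operation.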









