I'm happy to announce that we're (IBM & Sun) finally ready to contribute
the JSR 105 [1] (Java XML DSig) implementation back to Apache. As you
might know the JSR 105 reference implementation is largely based on the
Apache Java XMLSec implementation, and we'll be contributing the API and
additional code that was necessary to retrofit Apache's implementation.
I have some ideas about the best way to integrate this code, and I would
like to share that with you and see if you have any other advice or
suggestions.
I think a two phased approach is best. Phase 1 would consist of a
release in the next 1-3 months and phase 2 would be a longer term
release in the next 6 months.
The purpose of phase 1 is to release JSR 105 as quickly as possible so
the Apache XMLSec community can start using and working on it in the
near term. The current JSR 105 implementation works pretty much
out-of-the-box with XMLSec v1.2.1 with minimal changes to the Apache
source code. This phase 1 release would not break API compatibility and
allow developers to migrate to JSR 105 at their own speed. For phase 1,
I think a 1.4 release makes most sense, since I know Raul is close to
releasing a 1.3 bug-fix/performance improvement release.
Phase 2 would be a longer-term release and would consist of removing
redundant code and APIs and generally making a cleaner fit beneath the
JSR 105 APIs. This means that API compatibility would be broken so it
would have to be a 2.0 release.
What do people feel about this plan?
Thanks,
Sean
[1]: http://jcp.org/en/jsr/detail?id=105
