Hi Nat,
Generating signatures is tricky, and XMLDSig is trickier than most. That
being said, there are libraries that do it, and they do seem to work.
First of all, I'd be happier to see something other than XML, but if XML
has already been decided on, then I would not mind seeing something
other than XMLDSig, if the alternative is significantly for developers
to generate than XMLDSig.
Allen
Nat Sakimura wrote:
Hmmm.
Perhaps I did not spell my intent in the original mail well enough.
My question was:
(1) Is XML DSig easy enough for you developers to use?
(2) Is XML DSig supported in your environemnt?
e.g., Google AppEngine, Force.com, your hosting environment,
your own server, etc.
(3) If either (1) or (2) is negative, are you aimiable to use a very
simple alternative to it,
or you do not bother signing XRD at all?
Best,
=nat
On Thu, Jun 11, 2009 at 4:16 AM, Santosh Rajan <santra...@gmail.com
<mailto:santra...@gmail.com>> wrote:
I agree that in XML they are not equivalent. Yes but the signing
process
itself is binary, it has nothing to do with text or its meaning.
Hans Granqvist wrote:
>
>> Once you digitally sign a document, though physically the document
>> remains
>> in tact and retains its content type, after the act of signing,
it is
>> really
>> a frozen bunch of bits. And if you dont make that distinction
you get
>> into
>> all sorts of tangles. And that was the mistake made by XMLDSig.
In other
>> words after signing the Content-Type should be binary, whatever
you want
>> to
>> call it. After verification it takes up its original Content-Type.
>
> In XML these two are equivalent:
>
>
>
>
>
> A signing process needs to understand this, and that is what XML
Dsig
> does.
> XML was not defined to be a wire format.
>
> Hans
> _______________________________________________
> general mailing list
> gene...@openid.net <mailto:gene...@openid.net>
> http://openid.net/mailman/listinfo/general
>
>
-----
Santosh Rajan
http://santrajan.blogspot.com http://santrajan.blogspot.com
--
View this message in context:
http://www.nabble.com/Signing-method-for-XRD-tp23956678p23969137.html
Sent from the OpenID - General mailing list archive at Nabble.com.
_______________________________________________
general mailing list
gene...@openid.net <mailto:gene...@openid.net>
http://openid.net/mailman/listinfo/general
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
------------------------------------------------------------------------
_______________________________________________
general mailing list
gene...@openid.net
http://openid.net/mailman/listinfo/general
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs