Hi Nat,

Generating signatures is tricky, and XMLDSig is trickier than most. That being said, there are libraries that do it, and they do seem to work.

First of all, I'd be happier to see something other than XML, but if XML has already been decided on, then I would not mind seeing something other than XMLDSig, if the alternative is significantly for developers to generate than XMLDSig.

Allen

Nat Sakimura wrote:
Hmmm.

Perhaps I did not spell my intent in the original mail well enough.

My question was:

(1) Is XML DSig easy enough for you developers to use?
(2) Is XML DSig supported in your environemnt?
e.g., Google AppEngine, Force.com, your hosting environment, your own server, etc. (3) If either (1) or (2) is negative, are you aimiable to use a very simple alternative to it,
       or you do not bother signing XRD at all?

Best,

=nat

On Thu, Jun 11, 2009 at 4:16 AM, Santosh Rajan <santra...@gmail.com <mailto:santra...@gmail.com>> wrote:


    I agree that in XML they are not equivalent. Yes but the signing
    process
    itself is binary, it has nothing to do with text or its meaning.


    Hans Granqvist wrote:
    >
    >> Once you digitally sign a document, though physically the document
    >> remains
    >> in tact and retains its content type, after the act of signing,
    it is
    >> really
    >> a frozen bunch of bits. And if you dont make that distinction
    you get
    >> into
    >> all sorts of tangles. And that was the mistake made by XMLDSig.
    In other
    >> words after signing the Content-Type should be binary, whatever
    you want
    >> to
    >> call it. After verification it takes up its original Content-Type.
    >
    > In XML these two are equivalent:
    >
    >
    >
    >
    >
    > A signing process needs to understand this, and that is what XML
    Dsig
    > does.
    > XML was not defined to be a wire format.
    >
    > Hans
    > _______________________________________________
    > general mailing list
    > gene...@openid.net <mailto:gene...@openid.net>
    > http://openid.net/mailman/listinfo/general
    >
    >


    -----

    Santosh Rajan
    http://santrajan.blogspot.com http://santrajan.blogspot.com
    --
    View this message in context:
    http://www.nabble.com/Signing-method-for-XRD-tp23956678p23969137.html
    Sent from the OpenID - General mailing list archive at Nabble.com.

    _______________________________________________
    general mailing list
    gene...@openid.net <mailto:gene...@openid.net>
    http://openid.net/mailman/listinfo/general




--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
------------------------------------------------------------------------

_______________________________________________
general mailing list
gene...@openid.net
http://openid.net/mailman/listinfo/general

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Reply via email to