Hi Allen, Thanks for your input.
What do you think of the proposal on http://wiki.oasis-open.org/xri/XrdOne/SimpleSign ? Would it be simple enough? (Well, I do not think it can go any simpler than that but... ;-). Would you implement it? On Thu, Jun 11, 2009 at 1:52 PM, Allen Tom <a...@yahoo-inc.com> wrote: > Hi Nat, > > Generating signatures is tricky, and XMLDSig is trickier than most. That > being said, there are libraries that do it, and they do seem to work. > > First of all, I'd be happier to see something other than XML, but if XML > has already been decided on, then I would not mind seeing something other > than XMLDSig, if the alternative is significantly for developers to generate > than XMLDSig. > > Allen > > Nat Sakimura wrote: > > Hmmm. > > Perhaps I did not spell my intent in the original mail well enough. > > My question was: > > (1) Is XML DSig easy enough for you developers to use? > (2) Is XML DSig supported in your environemnt? > e.g., Google AppEngine, Force.com, your hosting environment, your > own server, etc. > (3) If either (1) or (2) is negative, are you aimiable to use a very simple > alternative to it, > or you do not bother signing XRD at all? > > Best, > > =nat > > On Thu, Jun 11, 2009 at 4:16 AM, Santosh Rajan <santra...@gmail.com>wrote: > >> >> I agree that in XML they are not equivalent. Yes but the signing process >> itself is binary, it has nothing to do with text or its meaning. >> >> >> Hans Granqvist wrote: >> > >> >> Once you digitally sign a document, though physically the document >> >> remains >> >> in tact and retains its content type, after the act of signing, it is >> >> really >> >> a frozen bunch of bits. And if you dont make that distinction you get >> >> into >> >> all sorts of tangles. And that was the mistake made by XMLDSig. In >> other >> >> words after signing the Content-Type should be binary, whatever you >> want >> >> to >> >> call it. After verification it takes up its original Content-Type. >> > >> > In XML these two are equivalent: >> > >> > >> > >> > >> > >> > A signing process needs to understand this, and that is what XML Dsig >> > does. >> > XML was not defined to be a wire format. >> > >> > Hans >> > _______________________________________________ >> > general mailing list >> > gene...@openid.net >> > http://openid.net/mailman/listinfo/general >> > >> > >> >> >> ----- >> >> Santosh Rajan >> http://santrajan.blogspot.com http://santrajan.blogspot.com >> -- >> View this message in context: >> http://www.nabble.com/Signing-method-for-XRD-tp23956678p23969137.html >> Sent from the OpenID - General mailing list archive at Nabble.com. >> >> _______________________________________________ >> general mailing list >> gene...@openid.net >> http://openid.net/mailman/listinfo/general >> > > > > -- > Nat Sakimura (=nat) > http://www.sakimura.org/en/ > > ------------------------------ > _______________________________________________ > general mailing > listgene...@openid.nethttp://openid.net/mailman/listinfo/general > > > -- Nat Sakimura (=nat) http://www.sakimura.org/en/
_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs