On 18 Mar 2012, at 06:55, Pushpalanka Jayawardhana wrote:

Hi Pushpalanka,


> Hi,
> 
> I am Pushpalanka Jayawardhana, and I am willing to complete this new
> feature, WOOKIE-139 as my GSoC project this year.

Great!

> I have experience related to WS-security in my internship period and I love
> to sharpen knowledge in the field. I have worked with digital signatures
> using OpenSAML library in implementing SAML for XACML. But I am new to
> Wookie widgets.
> 
> Currently I am going through this
> spec <http://dev.w3.org/2006/waf/widgets-digsig/> and having hands-on
> experience with Wookie according to this
> guidance <http://incubator.apache.org/wookie/docs/developer/running.html> in
> standalone mode.
> I am thankful for any guidance on how I should proceed.


This is definitely the place to start. The DigSig spec is clearly the main 
source of official information, and to understand how it fits with Wookie the 
main thing is to get familiar with Wookie - both in terms of how it works and 
also the general structure of the project. 

There is also a basic test suite at W3C for the DigSig spec that includes lots 
of sample widgets for testing signature validation:

http://dev.w3.org/2006/waf/widgets-digsig/test-suite/

I can think of two areas where you might want to look at implementing digsig in 
Wookie:

1. Wookie has a generic W3C Widget Parser library (in /parser) that builds as a 
standalone jar that can be used in other Java-based W3C Widget implementations 
as well as the Wookie server itself. DigSig functionality could be added to the 
parser itself, so that when a .wgt package is sent to the parser, it can also 
optionally validate signatures. The entry point for this is the 
W3CWidgetFactory class:

http://svn.apache.org/viewvc/incubator/wookie/trunk/parser/java/src/org/apache/wookie/w3c/W3CWidgetFactory.java?view=markup

2. In the main Wookie server there are various points where signatures might be 
implemented. For example, we may want to store a list of trusted authors and 
distributors for each server - this could then be passed to the Parser factory 
when asking it to check a .wgt. Metadata about signatories and validation 
results could also be included in the XML returned to connectors about widgets.

Hope this helps - good luck with your GSoC application!

S

> 
> Thank you!
> Best Regards,
> 
> Pushpalanka Jayawardhana | Undergraduate | Computer Science and Engineering
> University of Moratuwa
> 
> +94779716248
