Hi Scott, This helps a lot. Thank you!
On Sun, Mar 18, 2012 at 2:35 PM, Scott Wilson < [email protected]> wrote: > On 18 Mar 2012, at 06:55, Pushpalanka Jayawardhana wrote: > > Hi Pushpalanka, > > > > Hi, > > > > I am Pushpalanka Jayawardhana, and I am willing to complete this new > > feature, WOOKIE-139 as my GSoC project this year. > > Great! > > > I have experience related to WS-security in my internship period and I > love > > to sharpen knowledge in the field. I have worked with digital signatures > > using > > OpenSAML library in implementing SAML for XACML. But new to Wookie > widgets. > > > > Currently I am going through this > > spec<http://dev.w3.org/2006/waf/widgets-digsig/>and having hands on > > experience with Wookie according to this > > guidance <http://incubator.apache.org/wookie/docs/developer/running.html > >in > > standalone mode. > > I am thankful for any guidance on how should I proceed. > > > This is definitely the place to start. The DigSig spec is clearly the main > source of official information, and to understand how it fits with Wookie > the main thing is to get familiar with Wookie - both in terms of how it > works and also the general structure of the project. > > There is also a basic test suite at W3C for the DigSig spec that includes > lots of sample widgets for testing signature validation: > > http://dev.w3.org/2006/waf/widgets-digsig/test-suite/ > > I can think of two areas where you might want to look at implementing > digsig in Wookie: > > 1. Wookie has a generic W3C Widget Parser library (in /parser) that builds > as a standalone jar that can be used in other Java-based W3C Widget > implementations as well as the Wookie server itself. DigSig functionality > could be added to the parser itself, so that when a .wgt package is sent to > the parser, it can also optionally validate signatures. The entry point for > this is the W3CWidgetFactory class: > > > http://svn.apache.org/viewvc/incubator/wookie/trunk/parser/java/src/org/apache/wookie/w3c/W3CWidgetFactory.java?view=markup > > 2. In the main Wookie server there are various points where signatures > might be implemented. For example, we may want to store a list of trusted > authors and distributors for each server - this could then be passed to the > Parser factory when asking it to check a .wgt. Metadata about signatories > and validation results could also be included in the XML returned to > connectors about widgets. > > Hope this helps - good luck with your GSoC application! > > S > > > > > Thank you! > > Best Regards, > > > > Pushpalanka Jayawardhana | Undergraduate | Computer Science and > Engineering > > University of Moratuwa > > > > +94779716248 > > [image: Facebook] <https://www.facebook.com/pushpalanka> [image: > > Twitter]<http://twitter.com/Pushpalanka> [image: > > Blogger] <http://pushpalankajaya.blogspot.com/> [image: > > SlideShare]<http://www.slideshare.net/Pushpalanka> [image: > > LinkedIn] < > http://lk.linkedin.com/pub/pushpalanka-jayawardhana/21/214/50a> > > Contact me: [image: Google Talk] Pushpalanka [image: Y! > Messenger]Pushpalanka > > -- Pushpalanka Jayawardhana | Undergraduate | Computer Science and Engineering University of Moratuwa +94779716248 | http://pushpalankajaya.blogspot.com Twitter: http://twitter.com/Pushpalanka | Slideshare: http://www.slideshare.net/Pushpalanka
