Hi, All!

Over the last couple of weeks I made a few performance tweaks and finished the API polishing. The new XML Sec Library version is ready to go out and I am only waiting for the new LibXML2 release because I have a few dependencies on the new stuff in it. This new XML Sec version looks very stable and will have "beta" status (no major API changes and so on).

However, I would like to understand what is missing in the library and which features are interesting to the users. I have a small list of the things I probably want to add to XML Sec and I wrote down my thoughts about them. Please let me know what you think and feel free to add stuff to my list.

Aleksey.

XML Sec RFEs.
-----------------------------------------------------------------------------

1) XML Decryption Transform (http://www.w3.org/TR/xmlenc-decrypt)
   Some parts of the spec look ugly to me (the <dummy/> node, for example). I am not sure I like this idea in general because from a cryptographic point of view the signature *MUST* be inside the message. Also, in the end, you want to have the message decrypted and by using this transform you'll do decryption twice. However, it's a part of the XML Encryption spec (REQUIRED!!!!) and I have to implement it (not a big deal, really).

2) SHA2 (SHA256/512)
   OpenSSL does not support SHA2 and I do not want to add a third party implementation. Probably I will wait for the OpenSSL implementation unless there is a high demand for it.

3) PGP support
   I would like to have it but after shopping around I found only one solid open source PGP implementation (GnuPG). However, I could not use it in XMLSec:
   - there is no separate library (solvable problem);
   - GnuPG is released under the GPL and I could not use it in XML Sec (MIT license).
   The licensing problem is also potentially solvable but I do not want to change the license for XML Sec (philosophical reasons with a long explanation). On the other hand, I am not sure I want to implement the OpenPGP stuff myself (plus I also need to support the GnuPG trust db format :( ). This is also on hold unless there is a strong demand for PGP support.

4) Bindings for other languages (Perl, Python, etc.)
   There are plans to create Perl bindings (not by me) and I am thinking about Python (as a chance to learn this language). Nothing else was requested.

5) XKMS
   Looks like a simple combination of XML DSig and XMLEnc. It seems to me that a correct and good implementation has a huge dependency on the backend infrastructure (database formats, etc.). I need to think about this but I do not see XKMS as a part of XML Sec.

6) WS Security from Microsoft and IBM
   As with XKMS, it looks simple. It's a big question for me whether it should be implemented at all because of the patents around it.

7) SAML from OASIS
   Very complicated schemas with a small piece of crypto. I am not going to implement it.

8) You can place your feature here :)
