[xmlsec] XMLSec Library roadmap
aleksey at aleksey.com
Thu May 16 00:07:25 PDT 2002
Over the last couple of weeks I made a few performance tweaks and finished the API
polishing. The new XML Sec Library version is ready to go out and I am
only waiting for the new LibXML2 release because I have a few dependencies
on the new stuff in it. This new XML Sec version looks very stable and
will have "beta" status (no major API changes and so on).
However, I would like to understand what is missing in the library and
what features are interesting to the users. I have a small list of the things
I want to add to XML Sec and I wrote down my thoughts about them.
Please let me know what you think and feel free to add stuff to my list.
XML Sec RFEs.
1) XML Decryption Transform (http://www.w3.org/TR/xmlenc-decrypt)
Some parts of the spec look ugly to me (<dummy/> node for example). I
sure I like this idea in general because from cryptographic point of
*MUST* be inside the message. Also at the end of all, you want to have
decrypted and by using this transform you'll do decryption twice.
However, it's a part of the XML Encryption spec (REQUIRED!!!!) and I
have to implement it (not a big deal, really).
2) SHA2 (SHA256/512)
OpenSSL does not support SHA2 and I do not want to add third party
Probably I will wait for OpenSSL implementation unless there is a high
demand for it.
3) PGP support
I would like to have it but after shopping around I found only one solid
open source PGP implementation (GnuPG). However, I could not use it in XMLSec:
- there is no separate library (solvable problem);
- GnuPG is released under GPL and I could not use it in XML Sec (MIT
The licensing problem is also potentially solvable but I do not want to
license for XML Sec (philosophical reasons with long explanation).
On the other hand, I am not sure I want to implement the OpenPGP stuff
(plus I also need to support the GnuPG trust db format :( ). This is
also on hold unless there is a strong demand for PGP support.
4) Bindings for other languages (Perl, Python, etc.)
There are plans to create Perl bindings (not by me) and I am thinking
about Python (as a chance to learn this language). Nothing else was requested.
Looks like a simple combination of XML DSig and XMLEnc. Seems to me that
and good implementation has a huge dependency on the backend
infrastructure (databases format, etc.).
I need to think about this but I do not see XKMS as a part of XML Sec.
6) WS Security from Microsoft and IBM
As the XKMS looks simple. It's a big question for me whether it should be
implemented at all because of patents around it.
7) SAML from OASIS
Very complicated schemas with a small piece of crypto. I am not going to
8) You can place your feature here :)