[xmlsec] Issues using xmlsec for SAML

Dave Chapman dave at dchapman.com
Mon May 26 14:29:11 PDT 2008

Aleksey Sanin wrote:
> You have to use OpenSSL, NSS, or any other crypto provider functions
> to access this information.

Is there a reason for xmlsec not providing access to this information?

It would seem to me to be a fundamental feature of signatures - anyone 
checking a signature needs to know both a) that the signature is valid 
and the document hasn't been modified since signing; and b) who signed 
the file.

How do other people reading this mail deal with this issue?



More information about the xmlsec mailing list