[xmlsec] WS-Security question
Frank Gross
fg at 4js.com
Wed Jun 4 07:12:30 PDT 2008
Thanks for the answer, it's clear :-)
Did you have time to look at the two patches I sent some times ago ?
It was about "How to avoid the node passed to xmlSecEncCtxXmlEncrypt to
be released" and "Detached signature validation problem"
And Alexandre, of course I'm interested in a WS-Security library over
xmlsec, especially to handle the different kind of WS-token and the
additionnal so-called STR Dereference Transform. But I'm not sure that
an additional library is necessary. I think that if there is a mechanism
i n xmlsec to handle (as for instance with callback functions) child
elements of ds:KeyInfo that don't belong to the XML signature namespace,
it should be enough to retrieve the key information associated to a
WS-token. Then any SOAP toolkit could be used to handle secured SOAP
requests. But I must agree I didn't investigate that much, I still need
to understand the XML-Security spec before to look into the WS-Security
spec.
Thanks a lot,
Frank
Aleksey Sanin a écrit :
> I accept patches :)
>
> Aleksey
>
> Frank Gross wrote:
>> Hi,
>>
>> I've read the WS-Security spec from OASIS, and saw that some
>> WS-Security tokens can be child of a ds:KeyInfo node. Are there any
>> plans to support WS-Security or at least a mechanism to extend xmlsec
>> in order to handle such WS-Security token when signing or validating
>> a document ?
>>
>> Regards,
>> Frank
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>
More information about the xmlsec
mailing list