[xmlsec] WS-Security question

Frank Gross fg at 4js.com
Wed Jun 4 07:12:30 PDT 2008

Thanks for the answer, it's clear :-)

Did you have time to look at the two patches I sent some times ago ?
It was about "How to avoid the node passed to xmlSecEncCtxXmlEncrypt to 
be released" and "Detached signature validation problem"

And Alexandre, of course I'm interested in a WS-Security library over 
xmlsec, especially to handle the different kind of WS-token and the 
additionnal so-called STR Dereference Transform. But I'm not sure that 
an additional library is necessary. I think that if there is a mechanism 
i n xmlsec to handle (as for instance with callback functions) child 
elements of ds:KeyInfo that don't belong to the XML signature namespace, 
it should be enough to retrieve the key information associated to a 
WS-token. Then any SOAP toolkit could be used to handle secured SOAP 
requests. But I must agree I didn't investigate that much, I still need 
to understand the XML-Security spec before to look into the WS-Security 

Thanks a lot,


Aleksey Sanin a écrit :
> I accept patches :)
> Aleksey
> Frank Gross wrote:
>> Hi,
>>  I've read the WS-Security spec from OASIS, and saw that some 
>> WS-Security tokens can be child of a ds:KeyInfo node. Are there any 
>> plans to support WS-Security or at least a mechanism to extend xmlsec 
>> in order to handle such WS-Security token when signing or validating 
>> a document ?
>> Regards,
>> Frank
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list