[xmlsec] New W3C xml spec
Aleksey Sanin
aleksey at aleksey.com
Tue Aug 25 23:13:43 PDT 2009
You will need to get and compile yourself "trunk" libxml2 and
"trunk" xmlsec to get support for c14n v1.1. Ignoring ECDSA,
everything should be supported.
Basically, I am waiting for the next libxml2 release to release
new version of xmlsec that supports XMLDSig 1.1.
Aleksey
Ashish Agrawal wrote:
> oh Yes, You are correct.
>
> I think the correct spec is
> :http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/
>
> Regards,
> Ashish
>
> On Wed, Aug 26, 2009 at 11:36 AM, Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
>
> This is not xml dsig spec but widgets signature spec. I believe
> xmlsec supports the "signature" part of it and you can get the
> attributes like you describe directly from xml document.
>
> Aleksey
>
> Ashish Agrawal wrote:
>
> Hi Aleksey,
>
> The new DSig spec refers to the new xml properties like author,
> distributor etc:
>
> Example of a distributor signature
> <http://www.w3.org/TR/2009/CR-widgets-digsig-20090625/#distributor-signature>
> document, named |signature1.xml|:
>
>
> |<?xml version="1.0" encoding="UTF-8"?>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
> Id="DistributorASignature">
>
> <SignedInfo>
> <CanonicalizationMethod
> Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
> <SignatureMethod
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>
> <Reference URI="config.xml">
> <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> <DigestValue>...</DigestValue>
>
> </Reference>
> <Reference URI="index.html">
> <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>
> <DigestValue>...</DigestValue>
> </Reference>
> <Reference URI="icon.png">
> <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>
> <DigestValue>...</DigestValue>
> </Reference>
> <Reference URI="#prop">
> <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>
> <DigestValue>...</DigestValue>
> </Reference>
> </SignedInfo>
> <Object Id="prop"> <SignatureProperties
> xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
>
> <SignatureProperty Id="profile" Target="#DistributorASignature">
> <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
>
> </SignatureProperty> <SignatureProperty Id="role"
> Target="#DistributorASignature">
> <dsp:Role
> URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>
>
> </SignatureProperty> <SignatureProperty Id="identifier"
> Target="#DistributorASignature">
> <dsp:Identifier>07425f59c544b9cebff04ab367e8854a</dsp:Identifier>
> </SignatureProperty>
> </SignatureProperties> </Object>
> <SignatureValue>...</SignatureValue>
> <KeyInfo>
> <X509Data>
> <X509Certificate>...</X509Certificate>
> </X509Data>
>
> </KeyInfo>
>
> Will this is supported by latest XMLSec.
>
> Regards,
> Ashish
> </Signature>|
>
>
>
> On Fri, Jul 24, 2009 at 8:58 PM, Aleksey Sanin
> <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
>
> This spec is based on XML DSig and I looks like xmlsec
> should be able to handle it as-is.
>
> Aleksey
>
>
> Ashish Agrawal wrote:
>
> Hi Aleksey,
>
> W3C has published a new spec.
>
> W3C Widgets 1.0: Digital Signatures specification :
> http://www.w3.org/TR/2009/CR-widgets-digsig-20090625/
>
> Do you plan to provide the same support in xmlsec.
>
> Regards,
> Ashish
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
>
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list