[OpenID] Signing method for XRD

Hubert Le Van Gong Hubert.Levangong at Sun.COM
Mon Jun 15 14:33:57 UTC 2009 

Most enterprise deployments (think banks, telcos etc.) that use SAML for
SSO deployments do use XML DSig. It is not such a big deal.

Hubert


On Jun 15, 2009, at 4:24 PM, Santosh Rajan wrote:

>
> Let me put this in perspective before before we start going in all
> directions.
>
> The whole purpose of XRD was to simplify XRDS. By adding XML-Dsig  
> you are
> going back to square A. We might as well stick to XRDS then.
>
> The idea of XRD was KISS - "Keep it simple stupid".
>
>
>
> Hans Granqvist wrote:
>>
>>
>> Haha, this is funny. Surely the volume of XRD messages vastly
>> outnumbers the billions of daily signed SOAP and SAML messages. :)
>>
>
> Can you give me one example where "XML Dsig signed SOAP and SAML" is  
> being
> used by millions of users in a network?
>
>
>
>> Seriously, why are you knocking down a standard that actually has
>> proven itself to work pretty well considering the set of difficulties
>> inherent in using an abstract format like XML?
>>
>
> I am not knocking it down. A whole lot of people seem to be unhappy  
> with
> XML-Dsig. You read about it every where you read about XMLDSig. Try
> wikipedia for starters.
>
>
>
>> Perhaps a different concrete representation (json?) would be easier  
>> to
>> sign?
>>
>
> JSON is a great idea as long as you sign it as is, and apply the
> Content-Type, so that it is not modified in transit.
>
>
>
> -----
>
> Santosh Rajan
> http://santrajan.blogspot.com http://santrajan.blogspot.com
> -- 
> View this message in context: http://www.nabble.com/Signing-method-for-XRD-tp23956678p24035560.html
> Sent from the OpenID - General mailing list archive at Nabble.com.
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

--
Hubert A. Le Van Gong
Identity Architect
Sun microsystems, Inc.


17 Rue Duprey
Grenoble, 38000
France

--------------------------------------------------
email: hubert.levangong at sun.COM
tel:+33 4 7663 0935
blog: http://blog.levangong.com/

N 45  12.011'
W 005  44.217'

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090615/28f846ca/attachment.htm>

More information about the general mailing list