[OpenID] Signing method for XRD

Allen Tom atom at yahoo-inc.com
Thu Jun 11 04:52:42 UTC 2009


Hi Nat,

Generating signatures is tricky, and XMLDSig is trickier than most. That 
being said, there are libraries that do it, and they do seem to work.

First of all, I'd be happier to see something other than XML, but if XML 
has already been decided on, then I would not mind seeing something 
other than XMLDSig, if the alternative is significantly easier for 
developers to generate than XMLDSig.

Allen

Nat Sakimura wrote:
> Hmmm.
>
> Perhaps I did not spell my intent in the original mail well enough.
>
> My question was:
>
> (1) Is XML DSig easy enough for you developers to use?
> (2) Is XML DSig supported in your environment?
>        e.g., Google AppEngine, Force.com, your hosting environment,
>        your own server, etc.
> (3) If either (1) or (2) is negative, are you amenable to use a very
>        simple alternative to it, or you do not bother signing XRD at all?
>
> Best,
>
> =nat
>
> On Thu, Jun 11, 2009 at 4:16 AM, Santosh Rajan <santrajan at gmail.com> wrote:
>
>
>     I agree that in XML they are not equivalent. Yes but the signing process
>     itself is binary, it has nothing to do with text or its meaning.
>
>
>     Hans Granqvist wrote:
>     >
>     >> Once you digitally sign a document, though physically the document
>     >> remains intact and retains its content type, after the act of signing,
>     >> it is really a frozen bunch of bits. And if you don't make that
>     >> distinction you get into all sorts of tangles. And that was the mistake
>     >> made by XMLDSig. In other words after signing the Content-Type should be
>     >> binary, whatever you want to call it. After verification it takes up its
>     >> original Content-Type.
>     >
>     > In XML these two are equivalent:
>     >
>     >
>     >
>     >
>     >
>     > A signing process needs to understand this, and that is what XML Dsig
>     > does.
>     > XML was not defined to be a wire format.
>     >
>     > Hans
>     > _______________________________________________
>     > general mailing list
>     > general at openid.net
>     > http://openid.net/mailman/listinfo/general
>     >
>     >
>
>
>     -----
>
>     Santosh Rajan
>     http://santrajan.blogspot.com
>
> -- 
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
>   
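
Added example, not part of the original thread: the disagreement quoted above (signing the "frozen bits" versus signing XML that may be re-serialized) shown on two constructed documents that are the same XML but different bytes. The sample documents and key are constructed, HMAC-SHA256 stands in for a real signature algorithm, and Python's `canonicalize` implements C14N 2.0 rather than the specific canonicalization an XML DSig profile would name.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize  # Python 3.8+

# Constructed sample documents (not from the thread): the same XRD-like
# content serialized two ways. They differ in attribute order, quote style,
# whitespace inside the tag and the empty-element form.
DOC_A = '<XRD><Link rel="describedby" href="http://example.com/meta"/></XRD>'
DOC_B = "<XRD><Link  href='http://example.com/meta'\n rel='describedby'></Link></XRD>"
# Constructed modified document: the href value itself has changed.
DOC_C = '<XRD><Link rel="describedby" href="http://other.example/meta"/></XRD>'

KEY = b"constructed-demo-key"  # assumption: shared secret for the HMAC stand-in


def sign_bytes(xml_text: str) -> str:
    """Sign the serialized bytes exactly as they are (the 'frozen bits' view)."""
    return hmac.new(KEY, xml_text.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_canonical(xml_text: str) -> str:
    """Canonicalize first, then sign (the approach XML DSig takes)."""
    canonical = canonicalize(xml_text)
    return hmac.new(KEY, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


def verify(sig: str, xml_text: str, signer) -> bool:
    """Recompute the signature with the given signer and compare in constant time."""
    return hmac.compare_digest(sig, signer(xml_text))


if __name__ == "__main__":
    # Byte-level signature: breaks if any intermediary re-serializes the XML.
    print("bytes,     A -> B:", verify(sign_bytes(DOC_A), DOC_B, sign_bytes))
    # Canonical signature: survives re-serialization ...
    print("canonical, A -> B:", verify(sign_canonical(DOC_A), DOC_B, sign_canonical))
    # ... but still rejects a document whose content changed.
    print("canonical, A -> C:", verify(sign_canonical(DOC_A), DOC_C, sign_canonical))
    print(canonicalize(DOC_B))
```

The byte-level signature only holds if the exact signed octets are what the verifier receives, which is the trade-off the thread is weighing against the implementation cost of canonicalization.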
