[xmlsec] XMLSec Library roadmap
Aleksey Sanin
aleksey@aleksey.com
Thu, 16 May 2002 00:07:25 -0700
Hi, All!
Over the last couple of weeks I made a few performance tweaks and finished
the API polishing. The new XML Sec Library version is ready to go out and I am
only waiting for the new LibXML2 release because I have a few dependencies
on the new stuff in it. This new XML Sec version looks very stable and
will have "beta" status (no major API changes and so on).
However, I would like to understand what is missing in the library and
which features are interesting to the users. I have a small list of the
things I probably want to add to XML Sec and I wrote down my thoughts
about them. Please let me know what you think and feel free to add stuff
to my list.
Aleksey.
XML Sec RFEs.
-----------------------------------------------------------------------------
1) XML Decryption Transform (http://www.w3.org/TR/xmlenc-decrypt)
Some parts of the spec look ugly to me (<dummy/> node for example). I am
not sure I like this idea in general because from a cryptographic point of
view the signature *MUST* be inside the message. Also at the end of all, you
want to have the message decrypted and by using this transform you'll do
decryption twice. However, it's a part of the XML Encryption spec
(REQUIRED!!!!) and I have to implement it (not a big deal, really).
2) SHA2 (SHA256/512)
OpenSSL does not support SHA2 and I do not want to add a third-party
implementation. Probably I will wait for the OpenSSL implementation unless
there is a high demand for it.
3) PGP support
I would like to have it but after shopping around I found only one solid
open source PGP implementation (GnuPG). However, I could not use it in XMLSec:
- there is no separate library (solvable problem);
- GnuPG is released under GPL and I could not use it in XML Sec (MIT license)
The licensing problem is also potentially solvable but I do not want to
change the license for XML Sec (philosophical reasons with long explanation).
On the other hand, I am not sure I want to implement the OpenPGP stuff
myself (plus I also need to support the GnuPG trust db format :( ). This is
also on hold unless there is a strong demand for PGP support.
4) Bindings for other languages (Perl, Python, etc.)
There are plans to create Perl bindings (not by me) and I am thinking
about Python (as a chance to learn this language). Nothing else was requested.
5) XKMS
Looks like a simple combination of XML DSig and XMLEnc. Seems to me that
a correct and good implementation has a huge dependency on the backend
infrastructure (database format, etc.).
I need to think about this but I do not see XKMS as a part of XML Sec.
6) WS Security from Microsoft and IBM
Like XKMS, it looks simple. It's a big question for me whether it should be
implemented at all because of the patents around it.
7) SAML from OASIS
Very complicated schemas with a small piece of crypto. I am not going to
implement it.
8) You can place your feature here :)