[xmlsec] XMLSec Library roadmap

Aleksey Sanin aleksey at aleksey.com
Thu May 16 00:07:25 PDT 2002 

Hi, All!

Last couple weeks I made few performance tweaks and finished the api
polishing. The new XML Sec Library version is ready to go out and I am
only waiting for new LibXML2 release because I have few dependencies
on the new stuff in it. This new XML Sec version looks very stable and
will have "beta" status (no major API changes and so on).
However, I would like to understand what is missing in the library and 
which
features are interesting to the users. I have a small list of the things 
I probably
want to add to XML Sec and I wrote down my thoughts about them.
Please let me know what do you think and feel free to add stuff to my list.


Aleksey.


XML Sec RFEs.
-----------------------------------------------------------------------------

1) XML Decryption Transform (http://www.w3.org/TR/xmlenc-decrypt)
Some parts of the spec looks ugly for me (<dummy/> node for example). I 
am not
sure I like this idea in general because from cryptographic point of 
view signature
*MUST* be inside the message. Also at the end of all, you want to have 
the message
decrypted and by using this transform you'll do decryption twice.
However, it's a part of the XML Encryption spec (REQUIRED!!!!) and I 
have to implement it
(not a big deal, really).

2) SHA2 (SHA256/512)
OpenSSL does not support SHA2 and I do not want to add third party 
implementation.
Probably I will wait for OpenSSL implementation unless there is a high 
demand for it.

3) PGP support
I would like to have it but after shopping around I found only one solid 
open source PGP
implementation (GnuPG). However, I could not use it in XMLSec:
    - there is no separated library (solvable problem);
    - GnuPG is release under GPL and I could not use it in XML Sec (MIT 
license)
The licensing problem is also potentially solvable but I do not want to 
change the
license for XML Sec (philosophical reasons with long explanation).
On the other hand, I am not sure I want to implement the OpenPGP stuff 
myself
(plus I also need to support the GnuPG trust db format :( ). This is 
also on hold unless
there will be a strong demand for PGP support.

4) Bindings for other languages (Perl, Python, etc.)
There are plans to create Perl bindings (not by me) and I am thinking 
about Python (as a chance
to learn this language). Nothing else was requested.

5) XKMS
Looks like a simple combination of XML DSig and XMLEnc. Seems to me that 
the correct
and good implementation has a huge dependency on the backend 
infrastructure (databases format, etc.).
I need to think about this but I do not see XKMS as a part of XML Sec.

6) WS Security from Miscrosoft and IBM
As the XKMS looks simple. It's a big question for me should it be 
implemented at all because of
patents around it.

7) SAML from OASIS
Very complicated schemas with a small piece of crypto. I am not going to 
implement it.

8) You can place your feature here :)

More information about the xmlsec mailing list