OpenSAML user discussion

[Scott Cantor <>]

I think this answers some of the questions that have come up...

-- Scott 

-----Original Message-----
From: news 
[mailto:]
 On Behalf Of Pete
Sent: Friday, June 04, 2004 8:40 AM
To: 

Subject: Re: XML Security library & Websphere

Even though bouncycastle is free, I'd still like to use the IBM JCE
provider in
WebSphere v5.  I was able to get it working with the Apache Axis
samples.security (http://www.w3.org/2000/09/xmldsig#dsa-sha1) by
updating the
config.xml as follows:

        <Provider Id="IBM"
                   Class="com.ibm.crypto.provider.IBMJCE"
                   Info="IBM JCE Provider"
                   ProviderURL="http://www.ibm.com/"; />

i had to guess on these algorithms - there may be more...or less.
i found some documentation here:
http://www-1.ibm.com/servers/eserver/zseries/software/java/jcealgo.htm
l
http://www-1.ibm.com/servers/eserver/zseries/software/java/jce.html
Maybe someone out there knows enought to make this complete.

         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5";
                    Description="MD5 message digest from RFC 1321"
                    AlgorithmClass="MessageDigest"
                    RequirementLevel="NOT RECOMMENDED"

SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
xmldsig-uri-02.txt">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="MD5" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="MD5" />
            <ProviderAlgo ProviderId="SUN"
                          JCEName="MD5" />
         </Algorithm>
         <Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1";
                    Description="SHA-1 message digest"
                    AlgorithmClass="MessageDigest"
                    RequirementLevel="REQUIRED">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="SHA1" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="SHA-1" />
            <ProviderAlgo ProviderId="SUN"
                          JCEName="SHA-1" />
            <ProviderAlgo ProviderId="IAIK"
                          JCEName="SHA-1" />
            <ProviderAlgo ProviderId="Cryptix"
                          JCEName="SHA-1" />
         </Algorithm>
         <Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1";
                    Description="Digital Signature Algorithm with
                    SHA-1 message
digest"
                    AlgorithmClass="Signature"
                    RequirementLevel="REQUIRED">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="SHA1WithDSA" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="DSA" />
            <ProviderAlgo ProviderId="SUN"
                          JCEName="DSAWithSHA1" />
            <ProviderAlgo ProviderId="IAIK"
                          JCEName="DSA" />
         </Algorithm>

         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-
         md5"
                    Description="RSA Signature with MD5 message
                    digest"
                    AlgorithmClass="Signature"
                    RequirementLevel="NOT RECOMMENDED"

SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
xmldsig-uri-02.txt">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="MD5WithRSA" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="MD5WithRSAEncryption" />
            <ProviderAlgo ProviderId="SunRsaSign"
                          JCEName="MD5WithRSA" />
         </Algorithm>
         <Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
                    Description="RSA Signature with SHA-1 message
                    digest"
                    AlgorithmClass="Signature"
                    RequirementLevel="RECOMMENDED">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="SHA1withRSA" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="SHA1WithRSAEncryption" />
            <ProviderAlgo ProviderId="SunRsaSign"
                          JCEName="SHA1withRSA" />
            <ProviderAlgo ProviderId="IAIK"
                          JCEName="SHA-1/RSA" />
            <ProviderAlgo ProviderId="Cryptix"
                          JCEName="SHA-1/RSA" />
         </Algorithm>
         <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-
         md5"
                    Description="Message Authentication code using
                    MD5"
                    AlgorithmClass="Mac"
                    RequirementLevel="NOT RECOMMENDED"

SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-
xmldsig-uri-02.txt">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="HMAC-MD5" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="HMACMD5" />
            <ProviderAlgo ProviderId="SunJCE"
                          JCEName="HmacMD5" />
         </Algorithm>
         <Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1";
                    Description="Message Authentication code using
                    SHA1"
                    AlgorithmClass="Mac"
                    RequirementLevel="REQUIRED">
            <ProviderAlgo ProviderId="IBMJCE"
                          JCEName="HMAC-SHA1" />
            <ProviderAlgo ProviderId="BC"
                          JCEName="HMACSHA1" />
            <ProviderAlgo ProviderId="SunJCE"
                          JCEName="HmacSHA1" />
            <ProviderAlgo ProviderId="IAIK"
                          JCEName="HMAC/SHA" />
            <ProviderAlgo ProviderId="Cryptix"
                          JCEName="HMAC-SHA-1" />
         </Algorithm>