
mace-opensaml-users - Re: [opensaml] Default Canonicalization Algorithm

Subject: OpenSAML user discussion

  • From: Chad La Joie <>
  • To: mace-opensaml-users <>
  • Subject: Re: [opensaml] Default Canonicalization Algorithm
  • Date: Thu, 31 Jan 2008 13:55:44 +0100
  • Organization: SWITCH

Oh, also just a bit of background on this.

OpenSAML 1.0 was just an SAML library, so all the code was really trying to implement exactly what the SAML specifications said. The new OpenSAML 2.0 library is actually a library stack. Signature and Encryption support is actually located in the XMLTooling library. This library is meant to be generic and allow things, like OpenSAML, to be built on top of it. So, naturally, that lower level library can't make the same number of assumptions as the OpenSAML 1 library could.

That said, I'm all for trying to encode reasonable, best-practice, behavior into the library as long as it doesn't prohibit people from changing it for some reason.

Dimuthu Leelarathne wrote:
> Hi All,
>
> I think the new opensaml implementation is really good. It has good
> javadocs and is very intuitive.
>
> I'd like to put forward my idea as a user. If you guys can set a default
> CanonicalizationAlgorithm to the Signature object, it will be good.
> I am saying that because when using opensaml-1.0 I was unaware of
> the canonicalization method, and when using the new library, in order to
> fix a signature verification problem I had to read about the four C14N
> canonicalization methods.
>
> Thank you,
> Dimuthu


--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch



