Skip to Content.
Sympa Menu

mace-opensaml-users - Re: [opensaml] Default Canonicalization Algorithm

Subject: OpenSAML user discussion

List archive

Re: [opensaml] Default Canonicalization Algorithm


Chronological Thread 
  • From: Chad La Joie <>
  • To: mace-opensaml-users <>
  • Subject: Re: [opensaml] Default Canonicalization Algorithm
  • Date: Thu, 07 Feb 2008 08:16:50 +0100
  • Organization: SWITCH

Brent and I discussed this and after some back and forth we agree that the appropriate place for this is the org.opensaml.xml.security.SecurityHelper class which already has a method prepareSignatureParams(Signature, Credential, SecurityConfiguration, String)

This method is able to figure out a number of settings from the environment as well as deal with additional things like KeyInfo generation. By using the helper method we are able to do this even if people change the implmentation, marshaller, and unmarshaller classes.

Dimuthu Leelarathne wrote:
Hi All,

I think the new opensaml implementation is really good. It has good
javadocs and very intuitive.

I'd like to put forward my idea as a user. If you guys can set a default
CanonicalizationAlgorithm to the Signature object, it will be good.
I am saying that because when using opensaml-1.0 I was unaware of the
the canonicalization method, and when using the new library, in order to
fix a signature verification problem I had to read about the four C14N
canonicalization methods.

Thank you,
Dimuthu


--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch



  • Re: [opensaml] Default Canonicalization Algorithm, Chad La Joie, 02/07/2008

Archive powered by MHonArc 2.6.16.

Top of Page