OpenSAML user discussion

["Scott Cantor" <>]

> Thanks.  In my specific example (ID-WSF 2.0), the resultant
> ds:Signature is added as a child of the wsse:Security SOAP Header.  I
> am signing the SOAP Body and several Headers, including some elements
> of the wsse:Security header.  At present, I am doing the signing with
> my own signing class, I'd like to transition to using the OpenSAML
> signing features.  Is the case I described above be easily possible?

I don't think that it would be all that appropriate to treat a Security
header as a plain signature parent. Typically the Signature in there
references more than just the parent element, and is application-specific.
Plus which the spec allows multiple signatures in there.

I would say you'd want to model that header in its own right and provide
some helping code to make it easy to build up the signing you want. The
indirection between the Signature itself and the "content references" should
give you the flexibility to do that. (At least my C++ would, I think the
Java is similar.)

Just MHO...

-- Scott