OpenSAML user discussion

["Scott Cantor" <>]

> I, for one, am waiting for them to start consuming latest openSAML2
> release.

I think that would be a mistake, just like the original dependency was.

WSS is token agnostic, and that means any WSS library worth anything also
needs to be. I don't think it makes sense to hard code assumptions about
tokens, since that will practically guarantee the API is both brittle, but
also too rigid to handle additional token profiles in the future.

Now, can they be composed efficiently without prior arrangement? Probably
not, but my guess is they can't be composed now, since that's generally true
of any XML libraries not written to be composed. At best, maybe you can
overlap via DOM, and hope for some cases that's fast enough.

But that's a separate problem that argues XML is a mess (which it is), not
that the solution for WSS is to hard code anything.

WSS4J ought to have a layer into which you plugin token profile code, in
which case that would be done as a glue layer between the two, allowing both
to evolve.

-- Scott