Skip to Content.
Sympa Menu

mace-opensaml-users - RE: [OpenSAML] ComponentSpace and OpenSAML digest compatibility

Subject: OpenSAML user discussion

List archive

RE: [OpenSAML] ComponentSpace and OpenSAML digest compatibility


Chronological Thread 
  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: [OpenSAML] ComponentSpace and OpenSAML digest compatibility
  • Date: Mon, 15 Jun 2009 10:39:01 -0400
  • Organization: The Ohio State University

Craig Setera wrote on 2009-06-15:
> Yep. Certainly not trying to bite the hand providing me free code! I
> appreciate the feedback you've already given. I have downloaded the
> latest version and I'm taking a look at it now.

I just wanted to be clear. As Paul's last message shows, the situation still
hasn't been made 100% clear. While Shibboleth 1.x is still supported and is
sitting on top of 1.x, we do NOT support the actual library itself any
longer outside of that context, so it's already EOL.

> Any thoughts on how it might be corrupted in transit? Looking at the
> XML, it looks OK. Would it be obvious?

No, not unless you have a trained eye, and even then it's just guesswork.

> My cursory reading of the
> related specifications lead me to believe that the C14N and
> normalization would take care of non-obvious things such as whitespace.
> Is that understanding correct?

Not at all. Whitespace is 100% significant in XML. Add one tab or linefeed
and you're done. That's the usual source of corruption in transit.

> One other question. Does the public/private key information have
> anything to do with the digest generation? It doesn't appear to from my
> reading, but I wanted to validate that.

It doesn't affect the digest, no.

-- Scott





Archive powered by MHonArc 2.6.16.

Top of Page