Re: [higgins-dev] Status of CardSpace i-card providers

Paul,

My code has a dependency on Apache XML Security 1.3 (I'll soon move to 1.4). 
Recently I've been asked to remove that dependency for internal consumers 
(IBM has its own XML Security implementation). In order to support that 
request, I've created the concept of an XML Security extension 
(IXMLSecurityExtension):

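import java.util.Map;

// Extension point: callers code against this interface, not a specific
// XML Security provider.
public interface IXMLSecurityExtension
{
        // Hands provider-specific configuration to the implementation.
        public abstract void configure
                (String strConfiguration,
                Map mapConfiguration);

        // Signs the named element under elemParent (enveloped signature).
        public abstract org.apache.axiom.om.OMElement SignEnveloped
                (String strTagNameOfElementToSign,
                org.apache.axiom.om.OMElement elemParent,
                String strReferenceIdentifier,
                java.security.PrivateKey privateKey,
                java.security.PublicKey publicKey,
                org.eclipse.higgins.sts.IConstants constants)
                throws Exception;

        // Encrypts the named element under elemParent using the given certificate.
        public abstract org.apache.axiom.om.OMElement EncryptElement
                (String strTagNameOfElementToEncrypt,
                org.apache.axiom.om.OMElement elemParent,
                String strCertificate)
                throws Exception;

        // Decrypts an encrypted-data element with the given private key.
        public abstract org.w3c.dom.Document DecryptElement
                (org.w3c.dom.Element domEncryptedData,
                java.security.PrivateKey privateKey);
}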

I've implemented this via Apache XML Security, and the rest of my code 
only uses the interface. I suspect you can take this interface and 
implement it via Bouncy Castle. As long as we both only write code to this 
interface you can use Bouncy Castle and I can use Apache (and IBM internal 
can use what they want). 

I think we need to discuss whether or not you should check your Bouncy 
Castle based implementation into CVS, or perhaps host it on a site outside 
US jurisdiction.
Bouncy Castle is developed outside US (Australia) in order to avoid US 
export laws - we will not be able to redistribute it.

Thanks,
Mike

higgins-dev-bounces@xxxxxxxxxxx wrote on 04/03/2007 12:16:01 PM:

> Sergey Lyakhov (slyakhov@xxxxxxxxxxxxx) is developing two i-card 
> providers (see rows B and C here [1]) to provide CardSpace 
> interoperability. The first is called "CMIP" (see [2]) for short. 
> The second is called "CPIP" (see [3]) for short.
> 
> CMIP
> ----
> - basic code will be checked in on 4/4
> 
> CPIP
> ---
> - basic code will be checked in on 4/4
> - due to recent "update-related" changes in IdAS metadata can no 
> longer be updated so any update operations do not currently work
> 
> CMIP and CPIP
> -------------
> - both share some common code for .crds card backup/restore
> - to do this 256 bit crypto is required
> - either the IBM or SUN JVMs require export licenses to be acquired 
> and installed to do 256 bit crypto. (128 bit is the legal limit)
> - we are in the process of removing a dependency on
> http://www.bouncycastle.org library as this cannot be redistributed from Eclipse.
> 
> [1] http://wiki.eclipse.org/index.php/Components#I-Card_Registry_and_I-Card_Providers
> [2] http://wiki.eclipse.org/index.php/CardSpace_Managed_I-Card_Provider
> [3] http://wiki.eclipse.org/index.php/CardSpace_Personal_I-Card_Provider 

> 
>  _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
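
Added example, not part of the original thread or of the Higgins code: the 256-bit limit mentioned in the quoted status surfaces at runtime as a JCE policy cap, which a backup/restore routine can probe before it picks a key size. It assumes AES is the 256-bit cipher in question; the class name `AesPolicyCheck` and the sample data are constructed for illustration.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AesPolicyCheck {

    /** Largest AES key size in bits that the installed JCE policy permits. */
    static int maxAesKeyBits() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    /** Round-trips constructed data with a random key; false if policy rejects the key size. */
    static boolean canUseAes(int keyBits) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[keyBits / 8];
        byte[] iv = new byte[16];
        rng.nextBytes(key);
        rng.nextBytes(iv);
        byte[] sample = "constructed sample card data".getBytes("UTF-8");
        try {
            Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
            enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            byte[] ct = enc.doFinal(sample);
            Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
            dec.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            return Arrays.equals(sample, dec.doFinal(ct));
        } catch (InvalidKeyException e) {
            // A restricted policy surfaces here as "Illegal key size" at init().
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        int max = maxAesKeyBits();
        System.out.println("AES policy cap: " + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));
        for (int bits : new int[] {128, 256}) {
            System.out.println("AES-" + bits + " usable: " + canUseAes(bits));
        }
        if (max < 256) {
            // Fail closed: do not silently fall back to a shorter key.
            throw new IllegalStateException("256-bit AES blocked by JCE policy");
        }
    }
}
```

On JDK 8u161 and later, and on JDK 9 and later, the unlimited policy is enabled by default, so the cap only appears on older or deliberately restricted runtimes.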


