Re: [higgins-dev] Status of CardSpace i-card providers
Paul,

My code has a dependency on Apache XML Security 1.3 (I'll soon move to 1.4).
Recently I've been asked to remove that dependency for internal consumers
(IBM has its own XML Security implementation). In order to support that
request, I've created the concept of an XML Security extension
(IXMLSecurityExtension):

    import java.util.Map;

    public interface IXMLSecurityExtension
    {
        // Provider-specific configuration.
        public abstract void configure
            (String strConfiguration,
             Map mapConfiguration);

        // Apply an enveloped XML signature to the named element under elemParent.
        public abstract org.apache.axiom.om.OMElement SignEnveloped
            (String strTagNameOfElementToSign,
             org.apache.axiom.om.OMElement elemParent,
             String strReferenceIdentifier,
             java.security.PrivateKey privateKey,
             java.security.PublicKey publicKey,
             org.eclipse.higgins.sts.IConstants constants)
            throws Exception;

        // Encrypt the named element under elemParent for the given certificate.
        public abstract org.apache.axiom.om.OMElement EncryptElement
            (String strTagNameOfElementToEncrypt,
             org.apache.axiom.om.OMElement elemParent,
             String strCertificate)
            throws Exception;

        // Decrypt an EncryptedData element with the recipient's private key.
        public abstract org.w3c.dom.Document DecryptElement
            (org.w3c.dom.Element domEncryptedData,
             java.security.PrivateKey privateKey);
    }

I've implemented this via Apache XML Security, and the rest of my code
only uses the interface. I suspect you can take this interface and
implement it via Bouncy Castle. As long as we both only write code to this
interface you can use Bouncy Castle and I can use Apache (and IBM internal
can use what they want).

I think we need to discuss whether or not you should check your Bouncy
Castle based implementation into CVS, or perhaps host it on a site outside
US jurisdiction.

Bouncy Castle is developed outside the US (Australia) in order to avoid US
export laws - we will not be able to redistribute it.

Thanks,
Mike

higgins-dev-bounces@xxxxxxxxxxx wrote on 04/03/2007 12:16:01 PM:
> Sergey Lyakhov (slyakhov@xxxxxxxxxxxxx) is developing two i-card
> providers (see rows B and C here [1]) to provide CardSpace
> interoperability. The first is called "CMIP" (see [2]) for short.
> The second is called "CPIP" (see [3]) for short.
>
> CMIP
> ----
> - basic code will be checked in on 4/4
>
> CPIP
> ---
> - basic code will be checked in on 4/4
> - due to recent "update-related" changes in IdAS metadata can no
> longer be updated so any update operations do not currently work
>
> CMIP and CPIP
> -------------
> - both share some common code for .crds card backup/restore
> - to do this 256 bit crypto is required
> - either the IBM or SUN JVMs require export licenses to be acquired
> and installed to do 256 bit crypto. (128 bit is the legal limit)
> - we are in the process of removing a dependency on
> http://www.bouncycastle.org library as this cannot be redistributed from Eclipse.
>
> [1] http://wiki.eclipse.org/index.php/Components#I-Card_Registry_and_I-Card_Providers
> [2] http://wiki.eclipse.org/index.php/CardSpace_Managed_I-Card_Provider
> [3] http://wiki.eclipse.org/index.php/CardSpace_Personal_I-Card_Provider
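
Added example, not code from this thread or from Higgins: the enveloped-signature operation that SignEnveloped abstracts, written against the JDK's built-in javax.xml.crypto.dsig API so that it needs neither Apache XML Security nor Bouncy Castle on the classpath. Assumptions: it works on DOM elements rather than Axiom OMElement, omits KeyInfo (so the interface's publicKey parameter has no counterpart here), and the class, method and element names are hypothetical.

```java
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class JdkEnvelopedSignatureDemo {
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");

    // Enveloped signature over the element with Id=refId; ds:Signature is appended inside it.
    static void signEnveloped(Element target, String refId, PrivateKey priv) throws Exception {
        target.setAttribute("Id", refId);
        target.setIdAttribute("Id", true); // register as an ID so "#refId" resolves
        Reference ref = F.newReference("#" + refId, F.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(F.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = F.newSignedInfo(
            F.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            F.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), Collections.singletonList(ref));
        F.newXMLSignature(si, null).sign(new DOMSignContext(priv, target)); // null = no KeyInfo
    }

    // Validates with a key the caller already trusts and checks that the single
    // reference covers the very element the caller is about to consume.
    static boolean verify(Element expected, PublicKey trusted) throws Exception {
        NodeList sigs = expected.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1 || sigs.item(0).getParentNode() != expected) return false;
        DOMValidateContext ctx = new DOMValidateContext(trusted, sigs.item(0));
        XMLSignature sig = F.unmarshalXMLSignature(ctx);
        List<?> refs = sig.getSignedInfo().getReferences();
        String uri = refs.size() == 1 ? ((Reference) refs.get(0)).getURI() : null;
        return ("#" + expected.getAttribute("Id")).equals(uri) && sig.validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element token = (Element) doc.appendChild(doc.createElementNS(null, "Token")); // constructed sample
        token.appendChild(doc.createElementNS(null, "Claim")).setTextContent("alice");
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        signEnveloped(token, "token-1", kp.getPrivate());
        System.out.println("valid after signing:   " + verify(token, kp.getPublic()));
        token.getFirstChild().setTextContent("mallory"); // modify signed content
        System.out.println("valid after tampering: " + verify(token, kp.getPublic()));
    }
}
```

The reference and parent checks in verify are there because a signature that validates says nothing about which element it covers; the caller has to confirm it is the one being processed.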