You’re currently reading “Signing XML documents a "Revelation"?,” an entry on Show me the code! - By Davanum Srinivas
7.31.07 / 5pm
Questions:
1) What year was the web invented?
2) What year was signing of documents invented?
3) What year was SOAP invented?
4) What year was the first major company’s financial data released on the web using wss4j?
7.31.07 / 6pm
You have been doing it for years? Where? There are more SOAP stacks than there are SOAP services on the web, as the bonmot goes. These people, on the other hand, are actually doing it on the open web.
That is a big deal.
8.1.07 / 1am
Aristotle,
Wow! by all means celebrate the great achievement!! If you can’t even acknowledge “prior art”…
8.1.07 / 1am
Sam,
You got me on #4. I guess the RSS/ATOM+Signed Documents for financial data has not yet happened either. Status Quo right? BTW, i had the exact same reaction when i saw the brouhaha over LDAP as a data store. BTW, Am not defending SOAP. I am just stating a fact that this has been done before and therefore no big deal. It’s catch up time!
thanks,
dims
8.1.07 / 10am
Signed documents have been done before; WS-* wasn’t the first to do it either. Who cares? The only thing that matters is what folks are actually doing now and what they’re going to do to make it better.
8.1.07 / 10am
Actually, #1 and #2 predated #3.
So… what is actually happening here? HTTP and digital signing have been around for a while, but the financial community has ignored them. Then SOAP came along, and bundled it all up, and … the financial community continues to ignore these protocols (at least on the public web).
Now feeds come along. They lower the barrier to entry. Sure enough Sun stumbles a little bit initially, but quickly produces valid feeds, and sets action plans in place to correct the remaining issues.
And, yes, those action plans involve things that predate SOAP.
8.1.07 / 2pm
Prior art… well, RFC 4287 basically says “see XML DigSig/XML Encryption”, both of which were ratified in 2002. Can you point me to any WS-* efforts that predate them?
8.1.07 / 8pm
Aristotle, Sam, Where did i say that SOAP predates XML DSig/XML Enc? Why is it so hard to ack that others have been using these for some time now and feeds are just starting to? and it’s no big deal since the technology has been around for some time? And that it is high time that it gets adopted?
8.1.07 / 8pm
I think time is better spent increasing the adoption of signed feeds and understand what worked for others who adopted the same specs for whatever they were doing. If there’s *any* interest in that, please let me know.
8.2.07 / 12am
Dims, please keep in mind that some of us working in the signed-feed space were also involved in the signed-soap space long before the standards were finished.
In any case, if you have specific suggestions on how to improve the signed feed experience and adoption, please share. I for one take this stuff very seriously and am more than willing to cough up the code necessary to make it work.
8.2.07 / 5am
Dims, Where did I say that you said that SOAP predates XML DSig/XML Enc?
Like James, I too was actively involved not only in the development of SOAP stacks, but specifically in the signing and encryption of SOAP envelopes.
This makes your assertion about “they” and “us” a bit confusing.
8.2.07 / 2pm
Sam, James,
Touché! I apologize
James,
Example, Do you have a case for signing the feeds twice?
thanks,
dims
8.3.07 / 11pm
To this point no. What I have seen a case for, however, are feeds in which individual entries within the feed are signed as well as the feed.
XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Davanum Srinivas
(davanum AT gmail.com / dims AT yahoo.com)
AssertNotEquals(”Davanum Srinivas” , “IBM”);
13 Comments
Jump to comment form | comments rss [?] | trackback uri [?]