This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.
Currently, Gmane holds the messages of the last two weeks. This service also makes the mailing list reachable with a news reader.
You can use the ezmlm mailing list controller to receive previous messages by email. Send an empty email to dev-helpATsantuario.apache.org for detailed information on how to use this service.
The best place to start is W3C XML-Signature Syntax and Processing.
The best place to start is W3C XML Encryption Syntax and Processing.
A lot of resources exist on the web, including the 'green bible' for cryptography: Handbook of Applied Cryptography. The Handbook of Applied Cryptography is completely online and it should satisfy most of your cryptographic hunger. Disadvantage of it is that it goes rather deep, so it isn't a executive overview or a "Learn XYZ in 21 days"-book.
The enveloped transform is a special transform that enables the use of so-called enveloped signatures.
Enveloped signatures are signatures over an entire XML document, for which the <Signature> element is included in the document itself. An example could be:
The Reference indicates that Root and it's descendants (except for comments) are signed, but the Transform element says to throw out the Signature element (that is the parent of this Reference) from the stream that is to be signed. Note that if there are other Signature elements in Root, they will remain untouched.
C14N was introduced to solve some problems that arise when signing XML. Because XML allows to change the representation of an XML document without changing the actual content, signatures may break when different parsers are used to generate and verify the signature. A simple example of such an allowed change is changing the order of attributes within an element. (That is solved by C14N by sorting the attributes by alphabet)
Because a C14N'ed XML fragment inherits all the namespace declarations from it's ancestors, it is not possible to embed a signed XML fragment into a document that has other namespace declarations.
This is solved by ExclC14N. ExclC14N takes extra information as input in which you can specify which of the ancestor's namespaces should be included.
For more information on this topic, have a look at the C14N and ExclC14N sections of the W3C XMLDSig WG.
A new property has been added from the 1.5.0 release to enable "secure validation". This property is false by default. When set to true, it enforces the following processing rules:
This functionality is supported in the core library through additional method signatures which take a boolean, and in the JSR-105 API via the property "org.apache.jcp.xml.dsig.secureValidation, e.g.:
XMLValidateContext context = new DOMValidateContext(key, elem);