The XMLSIG FOR DYNAMIC LANGUAGES project aims to create a set of libraries for securing XML format information in accordance with the W3C Digital Signature and Encryption standards. The libraries enable developers to rapidly integrate digital trust services including secure XML processing, authentication, real-time certificate validation and authorization.
XmlSig is a C++ wrapper around the xmlsec library, providing a simple object oriented interface for dynamic languages. XmlSig then wraps this wrapper in Ruby, Python, PHP and Perl objects.
1. To be a fully compliant XML Signature implementation.
2. To have an API resembling Apache TSIK.
1. Make it easy to bind to many dynamic languages.
This can be seen in the minimal amount of type-mapping needed to bind to XMLSig. Only XMLSig objects and common C/C++ types are exposed. This gives the XMLSig interface a lowest-common-denominator feel, and it is expected that language enthusiasts will create wrapper modules that have a more language-specific feel.
2. Play nicely with native language objects as much as possible.
One goal of XMLSig is to provide language-specific methods so that developers can still use their language's standard libraries with XMLSig. For example, XMLSig encapsulates XML processing, but different languages have their own favorite XML libraries, so XMLSig should make it possible for developers to use their language's standard XML API.
The project is in release status 1.0 at Sourceforge. The libaries can be used to sign and validate DSIG compliant signature blocks. This first release implements the mandatory and suggested features of the XML Digital Signature standard, including:
- DSA Signing and verification
- HMAC SHA1 Signing and verification
- Canonical XML Transformation
- Exclusive Canonical XML Transformation
- XPath Transformation (including enveloping signatures)
- XSLT Transformation
- and more
Links are provided below to the various standards and sites referenced in this documentation.
IETF/W3C XML Digital Signature standard
XML Digital Signature Interoperability reports
For further information please contact Hans Granqvist.
Copyright © 2006 VeriSign, Inc. All Rights Reserved.