EldoS | Feel safer!

Software components for data protection, secure storage and transfer

two things: XML signature and new forum

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#39
Posted: 04/18/2006 07:18:36
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Hello,

First, about the new media. Although web-based forum are a nice tool, I really liked the NNTP system better. It allowed me to use a rich client that included options like archiving forums, catching up threads easily. I could also easily create RSS from NNTP to get an instant overview of forum activity. Finally, I could let the client run in the background, checking the forum every minute or so for an answer to my question and notify me when I got one. None of this is possible with web-based forums. The advantages of web forums, on the other hand, are mostly cosmetic: it might look nicer and I can add a larger avatar to my posts. Since I never got to vote on the "NNTP/Web" issue (I never saw anything related to a poll), I wanted to give my opinion on the issue, even if it's after the fact.

Now, back to SBB. Since I've bought the "Pro" package, I'm supposed to get the XML signing package as well. I'm wondering if it would be possible to get the reference to the exact specification that will be implemented.

Thanks,
Stephane
#42
Posted: 04/18/2006 22:56:20
by Eugene Mayevski (EldoS Corp.)

About the NNTP: the advantages of the forum are that
a) you can do search easily
b) you don't need a client to read it
c) RSS and more features will be added in future

About XML: what exactly do you mean by your questions? Versions of XMLDSig and XMLEnc specifications? We used the latest available versions of the specifications (they are quite old, though) with addition to [later removed] early options like simple canonicalization (which was present in early versions of XMLDSig, but removed later).


Sincerely yours
Eugene Mayevski
#43
Posted: 04/19/2006 00:45:37
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

About NNTP:

a) You can do a searhc easily with a newsreader too.
b) http://www.newsreaders.com/web/software.html In short: there are many ways to use NNTP without using a client with or without help from the host.
c) I'm sure they will. The point is: every feature has to be added on your side, regardless of wether or not someone will use it. With NNTP, we can use standard client to do anything today that you will implement tomorow. And if there is a missing feature, then we can write one or just add a bit of code to an existing newsreader.

About XML: I'm working on a payment factory soltuion. So far, we've used UN-EDIFACT for EFT but more and more of our partners are eying EBXML as a new standard. Now, I'm not specialist of EBXML but I've read the digital security specs about a year ago and it seemed both flacky and complex.

I was wondering how much work would be necessary to implement the security portion of EBXML using SBB. EBXML specs are available on www.ebxml.org and the security acpects (the latest version has evolved quite a bit since the original) is available here: http://www.ebxml.org/specs/secRISK.pdf
#44
Posted: 04/19/2006 01:10:28
by Eugene Mayevski (EldoS Corp.)

Quote
Stephane Grobety wrote:
I was wondering how much work would be necessary to implement the security portion of EBXML using SBB. EBXML specs are available on www.ebxml.org and the security acpects (the latest version has evolved quite a bit since the original) is available here: http://www.ebxml.org/specs/secRISK.pdf


From the document you specified I can't see the security portion. This is just a general (and not very priofessional IMHO) talk about some security aspects (a quote: "This document contains information to guide in the interpretation or implementation of ebXML."). But it's not a technical specification that defines a normative way to do things. Maybe they have something else to offer.

With XML in general, many people confuse a language and a structure. XML is just a language and the exact structure is to be defined elsewhere. For example XML-DSIG and XMLEnc are structures, they specify what XML tags should be placed to the document in order to perform certain security-related actions. This part is missing from secRISK.pdf.
With XMLBlackbox you will get XMLDSIG and XMLENC. If they are part of what you need for ebXML, then you have it. And you will need to implement the rest. If ebXML defines it's own specification for security (either based on XMLDSig and XMLEnc or not), then we can consider implementing it too, in addition to (and on the basis of) what we have now.


Sincerely yours
Eugene Mayevski
#48
Posted: 04/21/2006 01:21:23
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Quote
From the document you specified I can't see the security portion. This is just a general (and not very priofessional IMHO) talk about some security aspects


That's, unfortunately, about all they offer.

Oh well, thanks anyway have having had a look at it. I'll see if I can dig something more specific out.
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.

Reply

Statistics

Topic viewed 6576 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!