Roland Schmitt
10/19/2006 10:14:00 AM
Hi,
Christopher Brown schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Thanks and I completely agree.
> Struggling with not being able to use REXML in canonicalization is one
> of the things that brought me to ask. I really didn't want to fall back
> on native code libraries for this, but I'm pragmatic and willing to
> accept bindings to libXML, etc. if that's the shortest road to a working
> solution.
>
> Cheers,
> Chris
>
> On 19 Oct 2006, at 9:26 AM, Roland Schmitt wrote:
>
>> Hi,
>>
>> Christopher Brown schrieb:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>> Hey all,
>>> I thought I remembered seeing a comment about ActionWebService being
>>> deprecated in favor of something else in the latest Rails Edge.
>>> Is that true or did I dream it? What is the ongoing story for web
>>> services in Ruby? Can anyone comment about such things as SOAP
>>> request authentication and support for WS-Security?
>>> Last I looked, there were no pure Ruby XML canonicalization
>>> libraries, which kinda foils that plan.
>>> Peace,
>>> Chris
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.3 (Darwin)
>>> iD8DBQFFNw9zrOGxDZoCCzURAvzoAKCO2PwSJVpSMQV7O722I40u5ZJ+BwCgx8ex
>>> 9fI8WF819xLKR6bYLO/PamY=
>>> =GdWQ
>>> -----END PGP SIGNATURE-----
>>
>> look at www.rubyforge.org/projects/wss4r for a pure-ruby WS-Security
>> implementation. It contains a rudiment xml canonicalizer. The problems
>> with the canonicalizer are more or less problems with the underlying
>> xml parser, REXML in this case.
>>
>> I think first we need other xml parsers (perhaps libXML?) before we
>> can think of WS-Security.
>>
>>
>> Regards,
>> Roland
>>
>>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (Darwin)
>
> iD8DBQFFN0CYrOGxDZoCCzURAlpVAJ9rDoIkk0UUvUtwaD1WicUYEQdq/gCeLhnt
> AZtKTdkpFRgo6di1+qtQWlo=
> =EozJ
> -----END PGP SIGNATURE-----
>
>
i think the shortest road to XML/WS-security in ruby would be a binding
to something like xmlsec (www.aleksey.com/xmlsec).
But using native libraries for everything is perhaps not the right way.
Regards,
Roland