Jump to: navigation, search

XML Security Tools Proposal

The XML Security Tools is a proposed open source component under the Eclipse Web Tools Project.

This proposal is in the Project Proposal Phase (as defined in the Eclipse Development Process document) and is written to declare its intent and scope. This proposal is written to solicit additional participation and input from the Eclipse community. You are invited to comment on and/or join the component. Please send all feedback to the Web Tools newsgroup.

The initial contribution pdf document is available .

Background

Background information regarding the reason for the project and some high level goals.

  • Provide goals

Description

The XML Security Tools will be based on a contribution from the XML-Security Plug-In project. This project was created by Dominik Schadow and is hosted on SourceForge. The goal of this project is to provide trained and untrained users and developers an easy access to XML Security: wizards and views to sign, verify, encrypt and decrypt arbitrary XML documents in different (XML) editors. The intention for the plug-in therefore was to teach users all about XML Security and to enable all users to easily secure their own XML documents. The plug-in is not only focused on e-learning, the XML Security tools can be used in a production environment too.

The XML-Security Plug-In uses the Apache XML Security API (Santuario) for securing XML documents. The included extensive online help enables new users to learn all about XML Security. The plug-in has an English GUI; the help files are completely in German.

Organization

We propose sources under EPL for initial contribution, including customizable signing, verifying, encrypting and decrypting of XML files based on the W3C XML Signature, XML Encryption and other related specifications.

XML Security Tools features are organized into different topics:

  • XML Digital Signatures and Verification
  • XML Encryption and Decryption
  • Utils like Canonicalization, key generation


The primary focus of the XML Security Tools component will be on extensibility & robustness of basic features.

Contribution

The contribution will consist of an initial set of source plug-ins based on the XML-Security Plug-In

de.xmlsicherheit

The core plug-in (several wizards, view, preference pages).

de.xmlsicherheit.help

Help contents (information about the W3C recommendations on XML security and a plug-in guide), completely in German.

org.apache.xalan

Apache Xalan, required by org.apache.xml.security and de.xmlsicherheit.

org.apache.xml.security

Apache XML Security (Santuario).

de.xmlsicherheit.feature

Feature containing all four plug-ins.

Tentative Plan

  • Initial Eclipse.org presence in ??? 2008
    • website
    • CVS repository, seeded with source code from current contribution
    • Bugzilla repository
  • v0.5: ??? 2009

Initial committers and contributors

The initial committers will initially focus on providing an open, well documented API. Our agile development process will follow eclipse.org's standards for openness and transparency. Our goal is to provide the infrastructure and APIs needed to allow the integration/generation of additional model search engines.We also plan to help improve the Eclipse platform by submitting patches and extension point suggestions. The initial team will consist of several part-time resources:

Component lead/Committer

Dominik is the developer of the XML-Security Plug-In, the Eclipse e-learning plug-in for XML security, and has been working with XML Security for several years now. He is also the lead of the JCrypTool project, which develops a cryptography e-learning rich client based on the Eclipse Rich Client Platform.

Committers

  • David Carver - Standards for Technology in Automotive Retail

David is one of the committers on the XSL Tools incubator project. He has been working on the content assistance and XPath parsing abilities. He is also mentoring the XQuery Summer of Code project. He works daily with wide variety of XML related technologies for the Automotive retail industry.

Interested parties

The Web Services, SOA, and XML communities are obviously the main target and audience for this component. We are expecting and will actively pursue during the proposal and incubation phases, active participation.

User community

The existing Web Service and XML developer/user community will be the primary user base. The XML-Security Plug-In already has a (smaller) user community, mainly located in the educational area.

Links