-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Future of the EXPath Crypto spec and libs #132
Comments
1. What are you using the Crypto lib for?
I don't use it myself.
2. What resources could you provide for continued maintenance or
development of the EXPath Crypto spec and/or libs?
If there is interest and there was a group (of 2+ people) who wanted to
work on a v2 spec, I would like to be involved in that and would invest
time in the spec work. If a v2 spec were built and finalised, we would then
likely implement it for FusionDB.
|
Hi Joe,
1. What are you using the Crypto lib for?
I have used one or the other function in the past, sometimes in
combination with functions from the BaseX Hashing Module.
2. What resources could you provide for continued maintenance or
development of the EXPath Crypto spec and/or libs?
I guess I won’t have time to get fully involved. Similar as in the
past, though, I’ll be happy to give feedback on new drafts of the
spec.
Cheers,
Christian
|
Speaking on behalf of exist solutions: we are invested and committed to further develop the crypto-lib and also to take part in an effort to finalize the specification.
The implementation of https://github.com/eXistSolutions/exist-jwt depends on the crypto-lib. |
1 What are you using the Crypto lib for?
We use the EXPath Crypto module for a lot of different things. We use it
to calculate file hashsums before we transfer them over the internet so
that the recipient of data we send can verify that the data has not been
corrupted during transmission. We have also developed a variety of
RESTful web service modules to connect to 3rd party services such as AWS
(S3, SQS, SNS, Transcoder), Box.com, Dropbox, Azure Cloud Storage,
Google (Drive, Sheets, BigQuery, Functions, Analytics). All of these 3rd
party APIs have security and each is slightly different from each other.
2. What resources could you provide for continued maintenance or
development of the EXPath Crypto spec and/or libs?
I spoke with Lars at eXist Solutions recently and mentioned I was
interested in sponsoring this work. Because we interface with so many
different web APIs, we can spend a good amount of time trying to get the
Crypto module to implement a security mechanism we need and if it does
not work, we have spend a lot of time trying to get enough information
to convey where the module is deficient for our situation. And then
there is a challenge to find help to address changes we need because
very few people know enough about cryptography, the Expath Package spec
and eXist-db. It is a difficult code base to jump into cold because
cryptography is complex and difficult to debug. We have been incredibly
grateful to Claudius and Adam for helping us over the years. I sure it
has been challenging for them to provide help because our requests come
expected and they are both very busy.
Nick
|
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As I mentioned on last Monday's eXist-db Community Call, @claudius108 informed me of the good news that he is working on a PhD. Congratulations, Claudius!
For the EXPath community, this means that we need to find new maintainers for the EXPath Crypto java library and eXist implementations and a new editor for the underlying specification. Respectively, these projects reside in https://github.com/claudius108/crypto-java-lib and https://github.com/eXist-db/crypto-exist-java-lib, and Claudius's most recent work on the v2 of the spec lives in https://github.com/claudius108/expath-cg/commits/master/specs/crypto (a fork of https://github.com/expath/expath-cg/commits/master/specs/crypto).
To my knowledge, past contributions to the crypto project besides Claudius's have come from @chakl, @adamretter, and @nsincaglia. I also know that @ChristianGruen has implemented the crypto spec for BaseX (see https://docs.basex.org/wiki/Cryptographic_Module). It's great that we have 2 implementations of the Crypto spec, and I think this state of affairs should continue if at all possible.
I would be grateful if Olaf, Adam, Nick, Christian, or any members of the EXPath, BaseX, and eXist (@eXist-db/core) communities could chime in here with their priorities for the future of this project. I know that many projects rely on the crypto library, including mine. It would be great to know what plans, if any, are currently in place for continued maintenance or development of this project.
To start discussion off, my project depends on the crypto library: one app that talks to the Twitter API uses the
crypto:hmac
function, and another that talks to the Amazon AWS S3 API uses thecrypto:hash
function. I recall that @chakl extended the crypto library to perform some functions needed for the eXist SAML implementation.So, here are my questions:
p.s. Thanks to @claudius108 for his enormous contributions as editor and implementor of the EXPath Crypto spec! Good luck in your endeavors!
The text was updated successfully, but these errors were encountered: