> i've recently released WSS4R [1].

Nice work. I saw it on rubyforge -- I will have a closer
look at it the next few days.

> ...
> One big issue of implementing cryptographic functions 
> in pure ruby might be the performance. 

Yeah, I agree. That's why what Sun did with
the Java crypto framework works so well: with the provided
hooks, the implementation can be pure Java or native
JNId livrary.  The same concept would work great for Ruby,
and with time, the ruby runtime may be as fast as the Java
VMs.

>...
> Another problem might be the xml parser. REXML is quite 
good in parsing xml documents, but it was very hard and
> tricky to write a standart conform xml-canonicalizer.

I can imagine that -- the C14N specs are not easy to deal
with to begin with!

> ...
> I'am very interested in such a project, but perhaps a 
> swig binding to xmlsec[2]

SWIG looks interesting. I gotta check that out, too, thanks!

Of course, for a good Java xml security library, few beat 
http://incubator.apache.org/tsik
but I confess to slight bias here ;)

Thanks,
Hans

-- 
Posted via http://www.ruby-forum.com/.