Hi,

> Does it need to be a separate API, can't it be incorporated into a facet
> of the main one?
>
> The API spec part is small, but the implementation is the complicated
> part here. Plaintext & HMAC are trivial to implement in Java, but I
> haven't looked at the RSA support in detail.

I'm personally still convinced that including the signature implementation in a separate module is much, much better in terms of design. I've experienced at least 3 options in the past and that's the option that takes the design as clean as possible.

> I'd make a single API spec which incorporates everything, (each one will
> be quite small otherwise). We can load a client or server component
> from a factory object to get the appropriate functionality.

Agreed, as long as we'll provide client/server implementation in separate modules.

>
>> (default in-memory data structure can be replaced by custom
>> implementations);
>
> IMHO the /core/ of the library should be just the code for servicing and
> providing the terminal points for interacting with clients or service
> providers.
>

In the provider there are some needed Data Structures to maintain and check the user key, nonces, timestamps, ... that could be based on n frameworks. We could provide the "in-memory" base implementation, letting users define their own.

Simo

http://people.apache.org/~simonetripodi/
