Ivan Kanakarakis

There seems to be some support for ecdsa sigs: ``` $ xmlsec1 --version xmlsec1 1.2.30 (openssl) $ xmlsec1 --list-transforms | grep -io ecdsa........ ecdsa-sha1"," ecdsa-sha224" ecdsa-sha256" ecdsa-sha384" ecdsa-sha512" ``` see...

Excellent report. Thanks! This is indeed a problem. I will push the fix first thing in the morning.

@jkakavas yes, we should. This is one of the things I want to do, and it should be part of the type system - ie, our `Reference` type should be...

This issue is also described in the [XML Signature Best Practices][bp] document. We should make a check list of that. [bp]: https://www.w3.org/2008/xmlsec/Drafts/best-practices/Overview.html#problematic-external-references

I think both `empty` and `same-doc` should be fine: ``` xmlsec1 --enabled-reference-uris empty,same-doc ... ``` Quoting the [XML Signature Syntax and Processing][xsig#ref] document: > If the `URI` attribute is omitted...

I am reopening this, as there are more places where the `xmlsec1` executable is called. We need to make sure that those calls do not try to reach the network.

I went through this and while I think it is the right thing, it breaks lots of existing use cases. I will however push this forward but try to make...

Looking at the [SAML2 xsd][samlxsd], I see that ```xml ``` `IssueInstant` is of [type `xsd:dateTime`][dt]. The XML Schema datatypes spec mandates > The ·lexical space· of dateTime consists of finite-length...

According to the dateTime datatype spec, it is mandatory to include the year, the month, the day, the hour, the minutes and the seconds. One can omit only the second...

I went through the code and it seems `pysaml2` uses many different libs: - `time` builtin module - `datetime` builtin module - `calendar` builtin module - `dateutil` lib - `pytz`...