Skip to main content

Sean Mullan

Sean Mullan is a staff engineer at Sun Microsystems working on Java Security and focused on the areas of PKI, XML Security, and access control. He was specification lead of JSR 55 (Certification Path API) and is currently co-specification lead of JSR 105 (XML Digital Signature API).


mullan's blog

Security Feature Planning for JDK 7

Posted by mullan on August 25, 2006 at 9:41 AM PDT

In a recent blog of my colleague Andreas Sterbenz, he asks the Java community for input on the security features for JDK 7.

New article on XML Digital Signatures

Posted by mullan on July 14, 2006 at 12:02 PM PDT

There's a new article titled Java XML Digital Signatures. It includes an introduction to XML digital signatures and to the new Java XML Digital Signatures APIs (JSR 105).

Extending JSR 105 to support more URI reference types

Posted by mullan on June 28, 2006 at 10:24 AM PDT

In XML Signatures, Reference elements use URIs to describe the data that is to be digested and signed. Adding support for your own URI dereferencing implementation is pretty straightforward in JSR 105.

Java SE Security Sessions at JavaOne

Posted by mullan on May 10, 2006 at 6:33 AM PDT

JavaOne is right around the corner, next week to be precise. If you are going, I encourage you to check out one (or both) of the technical sessions/BOFs related to Java Security:

Mustang Beta is out! Here's what is new in Security

Posted by mullan on February 15, 2006 at 8:19 AM PST

Mustang Beta (JDK 6) was released today and contains many new security features:

  • JSR 105, the Java XML Digital Signature API and implementation.
  • Native Platform GSS/Kerberos Integration. This feature allows Java GSS applications to take advantage of features in the native GSS/Ker

More XML Signature debugging tips

Posted by mullan on February 14, 2006 at 8:24 AM PST

In a previous blog entry, I discussed how to determine what caused an invalid XML Signature and provided some code snippets. But for some programmers, this information may not be enough, and you may want to know more details.

Well then, good news.

My XML Signature is invalid, now what do I do?

Posted by mullan on January 27, 2006 at 11:33 AM PST

When validating an XML Signature using the Java XML DSig API, it returns a simple boolean indicating if the signature is valid or not:

// Validate the XMLSignature
boolean coreValidity = xmlSignature.validate(valContext);

If it is valid, then great ... no worries. But what if it is invalid?

Apache Java XML-Security 1.3 released, what's next?

Posted by mullan on November 29, 2005 at 7:50 AM PST

The Apache XML Security Team has announced the 1.3 release of the Java XML-Security library.

The main changes in this release are:
* Better performance & memory utilization.
* Bug fixes.

The detailed changelog can be found here:

Get the new JSR 105 (XML Digital Signature API) with JWSDP or Mustang

Posted by mullan on October 6, 2005 at 9:23 AM PDT

In a previous blog entry I mentioned that the final release of JSR 105 (XML Digital Signature API)
is available from

JSR 105 (XML Digital Signature API) Final Release

Posted by mullan on June 26, 2005 at 7:06 AM PDT

In case you missed it, the final release of JSR 105 (Java XML Digital Signature API) is now available! :