axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sanjiva Weerawarana" <>
Subject Re: SOAP streaming and faults, security everywhere and performanceimplications [Re: opinion Axis' future ... [Re: Using SAAJ-1.2 API tomodify the soap header/body content
Date Wed, 09 Jun 2004 13:30:38 GMT
"Samuel Meder" <> writes:
> I completely agree on Alex's point that security (and other QoS aspects)
> are very important for us working in the Grid world. It is hard to
> justify to users that turning on security will cause a 10x slowdown (it
> is actually even worse with larger payloads) and since grid scenarios
> are generally multi organization security is a ubiquitous requirement (I
> would think that the same is true for B2B scenarios).

Of course. However, that's a fundamental issue with XML security
and not with the WS-* specs in particular. The XML sec stuff is
defined in terms of DOMs and DOM hash's .. which can be computed
in a streaming model for many XPaths .. 

Furthermore using WS-Security without WS-Secure Conversation is
retarded (IMO). 

In summary,  IMO there's no reason why WS-Security/WS-Secure Conversation
have to be any less performant than any other public key security
technology IMO for many cases. There may be degenerate cases where
it is, but if we can make those rare then we're in business.


View raw message