santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Harrison" <hc99...@dmu.ac.uk>
Subject RE: FW: Signing huge SOAP requests
Date Sat, 26 Mar 2005 19:10:22 GMT
Please excuse this message if you have already gone there, have you
looked at the new axis 2 this works on a pull method instead of push and
is designed to get larger xml files.

Myself I am just about to make a post regarding encryption of RPC type
elements can some one give me an implementation

-----Original Message-----
From: Raul Benito [mailto:raul.benito.garcia@gmail.com] 
Sent: 25 March 2005 21:35
To: security-dev@xml.apache.org; fx-dev@ws.apache.org
Subject: Re: FW: Signing huge SOAP requests


Depending the structure of signature you can try this
patch(http://issues.apache.org/bugzilla/show_bug.cgi?id=32657)
It Is a single pass sax verification, I have manage to verify 100MB XML
files with just 10MB of footprint. But it only works with some kind of
signatures out of the box(but it can be adapted to other types),. I have
submitted a proposal to ApacheCon Europe about this subject(speed and
memory considerations in xml digital signatures, but it also includes
sax parsing). If it is admitted I will post the material that I will do
here.(If not i will do it also but it will take longer ;( )

Regards,

Raul



On Fri, 25 Mar 2005 10:57:39 +0100, Yves Langisch <lists@langisch.ch>
wrote:
> All,
> 
> Are there any hints from the XML-security side?
> 
> Thanks
> Yves
> 
> -----Original Message-----
> From: Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
> Sent: Freitag, 25. März 2005 09:24
> To: Yves Langisch
> Cc: dims@apache.org; fx-dev@ws.apache.org; hgranqvist@verisign.com
> Subject: Re: Signing huge SOAP requests
> 
> Yves,
> 
> looking at this it seems that this is not a problem of WSS4J but of 
> the underlying XML security lib. WSS4J delegates the whole signature 
> processing to xmlsec lib.
> 
> Maybe you can copy your problem to the xmlsec mailing list? AFAIK 
> there were some discussions about signing very large objects on this 
> list some time ago.
> 
> Regards,
> Werner
> 
> Yves Langisch schrieb:
> 
> >Not at all!
> >
> >We really have huge data to sign. And obviously the in-memory 
> >DOM-representation itself is not the problem. With appropriate 
> >VM-params I'm able to parse a 100MB file into a DOM-document. The 
> >problems start while signing. The memory demand is much higher than 
> >during parsing and I'm able to sign "only" a 10MB SOAP request.
> >
> >Are there any streaming/event based (SAX, StAX) security libraries 
> >which are able to handle such huge requests (performance has not top
> priority)?
> >
> >Yves
> >
> >-----Original Message-----
> >From: Davanum Srinivas [mailto:davanum@gmail.com]
> >Sent: Donnerstag, 24. März 2005 13:55
> >To: Yves Langisch
> >Cc: fx-dev@ws.apache.org
> >Subject: Re: Signing huge SOAP requests
> >
> >You kidding me? that's huge!. problem is that the whole thing needs 
> >to be in DOM as xml-security (AND the w3c specs) works on DOM and not

> >streaming/sax stuff.
> >
> >-- dims
> >
> >On Thu, 24 Mar 2005 09:27:50 +0100, Yves Langisch <lists@langisch.ch>
> wrote:
> >
> >
> >>All,
> >>
> >>Is there anyone having experiences (memory requirements, 
> >>performance,
> >>...) with signing huge SOAP requests (w/o attachments, body is about
> >>100MB) with WSS4J?
> >>
> >>Thanks
> >>Yves
> >>
> >>
> >>
> >>
> >
> >
> >
> >
> 
> 


-- 
http://r-bg.com



Mime
View raw message