santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yves Langisch" <>
Subject FW: Signing huge SOAP requests
Date Fri, 25 Mar 2005 09:57:39 GMT

Are there any hints from the XML-security side?


-----Original Message-----
From: Werner Dittmann [] 
Sent: Freitag, 25. März 2005 09:24
To: Yves Langisch
Subject: Re: Signing huge SOAP requests


looking at this it seems that this is not a problem of WSS4J but of the
underlying XML security lib. WSS4J delegates the whole signature processing
to xmlsec lib.

Maybe you can copy your problem to the xmlsec mailing list? AFAIK there were
some discussions about signing very large objects on this list some time


Yves Langisch schrieb:

>Not at all!
>We really have huge data to sign. And obviously the in-memory 
>DOM-representation itself is not the problem. With appropriate 
>VM-params I'm able to parse a 100MB file into a DOM-document. The 
>problems start while signing. The memory demand is much higher than 
>during parsing and I'm able to sign "only" a 10MB SOAP request.
>Are there any streaming/event based (SAX, StAX) security libraries 
>which are able to handle such huge requests (performance has not top
>-----Original Message-----
>From: Davanum Srinivas []
>Sent: Donnerstag, 24. März 2005 13:55
>To: Yves Langisch
>Subject: Re: Signing huge SOAP requests
>You kidding me? that's huge!. problem is that the whole thing needs to 
>be in DOM as xml-security (AND the w3c specs) works on DOM and not 
>streaming/sax stuff.
>-- dims
>On Thu, 24 Mar 2005 09:27:50 +0100, Yves Langisch <>
>>Is there anyone having experiences (memory requirements, performance, 
>>...) with signing huge SOAP requests (w/o attachments, body is about 
>>100MB) with WSS4J?

View raw message