santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ron Forrester" <itr...@gmail.com>
Subject Non-DOM based XML signing/verification
Date Sun, 06 Aug 2006 21:07:47 GMT
I have been using the xmlsec java library for quite a while now to
digitally sign (and subsequently verify) large (multi-hundred
megabyte) XML documents. However, the burden on our resources of the
DOM based strategy has become to much to bear in the attempt to scale
our system.

After looking for SAX based implementations and coming up empty, I
made the tough decision to abandon the standard and roll my own. After
some research I fairly quickly dismissed SAX as the appropriate
mechanism.

Instead I decided to use STaX, and specifically the element based
reader/writer support. Using the element based approach allowed me to
get some canonicalization out of the process (enough for my needs),
and still maintain the fairly high performance and low memory
requirements implied in a STaX implementation.

My question is this: Are there any efforts like this currently going
on in the community (none that I could find, outside of a largely
untested SAX based patch)?

If not, would there be interest in helping to advance the state of the
code I have, and if possible modify it to follow the XML Signature
specification? Currently the code suits my needs, which are very
limited, and there would likely be significant effort in bringing it
up to spec.

However, I feel strongly that a DOM based implementation can be not
much more than a reference implementation if we're ever to make XML
signature (and encryption) a part of large scale enterprise class
systems.

Any comments or criticisms would be much appreciated.

-- 
rjf&

Mime
View raw message