santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cantor, Scott E." <canto...@osu.edu>
Subject Re: questions on xml-security-c and xalan-c
Date Wed, 30 Mar 2011 17:42:22 GMT
On 3/30/11 7:39 PM, "Philip Black-Knight" <pblack@tresys.com> wrote:
>I'm looking into using santaurio in a application, but the disclaimers
>regarding xalan make me a little nervous.

They should, they'd certainly make me nervous.

>We'd like to be able to add signatures to a document and allow the
>document to get added to some other DOM tree and keep the signature
>valid.  I've been able to do this using an xmldsig-filter2 intersect
>filter and the xpath expression "here():/ancestor::RootNode". A sample
>document seems to work with the txfmout test program.

An alternative to XPath, provided you have ID attributes and some
application protection against wrapping attacks, is ID-based referencing
of the object.

>My understanding is that santaurio uses xalan-c to perform the
>xmldsig-filter2 filtering and I was wondering if anyone knows of problems
>with this. Is there an alternative?

Not without finding and alternative and porting to it. I am aware of no
XPath implementations via Xerces at this point.

> The xalan project appears dead, is there a plan to move to an active
>project?

Any pointers to one? Not that I'm going to do the work, but even having a
place to point would be better.

Note that XML Signature in current form requires at least XPath 1, and
support for the XPath 2 filter is separate and optional. So a 2-only
library wouldn't work.

-- Scott


Mime
View raw message