Return-Path: Delivered-To: apmail-santuario-dev-archive@www.apache.org Received: (qmail 53151 invoked from network); 30 Mar 2011 17:50:02 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 30 Mar 2011 17:50:02 -0000 Received: (qmail 78498 invoked by uid 500); 30 Mar 2011 17:50:02 -0000 Delivered-To: apmail-santuario-dev-archive@santuario.apache.org Received: (qmail 78468 invoked by uid 500); 30 Mar 2011 17:50:02 -0000 Mailing-List: contact dev-help@santuario.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@santuario.apache.org Delivered-To: mailing list dev@santuario.apache.org Received: (qmail 78461 invoked by uid 99); 30 Mar 2011 17:50:02 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Mar 2011 17:50:02 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of cantor.2@osu.edu designates 128.146.216.84 as permitted sender) Received: from [128.146.216.84] (HELO defang4.it.ohio-state.edu) (128.146.216.84) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Mar 2011 17:49:54 +0000 Received: from CIO-TNC-HT05.osuad.osu.edu (cio-tnc-ht05.osuad.osu.edu [164.107.81.168]) by defang4.it.ohio-state.edu (8.13.1/8.13.1) with ESMTP id p2UHnQHx019347 for ; Wed, 30 Mar 2011 13:49:31 -0400 Received: from CIO-TNC-D1MBX09.osuad.osu.edu ([fe80::1c1e:740:88e5:3701]) by CIO-TNC-HT05.osuad.osu.edu ([fe80::3940:6fde:690d:8647%19]) with mapi; Wed, 30 Mar 2011 13:42:30 -0400 From: "Cantor, Scott E." To: "dev@santuario.apache.org" Subject: Re: questions on xml-security-c and xalan-c Thread-Topic: questions on xml-security-c and xalan-c Thread-Index: AcvvAWDrjz4i+KudRYWnA/6mygYSWgAM3BwA Date: Wed, 30 Mar 2011 17:42:22 +0000 Message-ID: In-Reply-To: <06A6610D4F464D4EBEAFBF2C5F86911E02007FAF@exchange2.columbia.tresys.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-ID: <61463a9b-6cba-4844-8c2b-bd93d7d2bdfd> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Spam-Score: 0.00 () [Tag at 4.50] SPF(neutral,0) X-CanIt-Geo: ip=164.107.81.168; country=US; region=OH; city=Wooster; postalcode=44691; latitude=40.8077; longitude=-81.9730; metrocode=510; areacode=330; http://maps.google.com/maps?q=40.8077,-81.9730&z=6 X-CanItPRO-Stream: outbound X-Scanned-By: CanIt (www . roaringpenguin . com) on 128.146.216.84 X-Virus-Checked: Checked by ClamAV on apache.org On 3/30/11 7:39 PM, "Philip Black-Knight" wrote: >I'm looking into using santaurio in a application, but the disclaimers >regarding xalan make me a little nervous. They should, they'd certainly make me nervous. >We'd like to be able to add signatures to a document and allow the >document to get added to some other DOM tree and keep the signature >valid. I've been able to do this using an xmldsig-filter2 intersect >filter and the xpath expression "here():/ancestor::RootNode". A sample >document seems to work with the txfmout test program. An alternative to XPath, provided you have ID attributes and some application protection against wrapping attacks, is ID-based referencing of the object. >My understanding is that santaurio uses xalan-c to perform the >xmldsig-filter2 filtering and I was wondering if anyone knows of problems >with this. Is there an alternative? Not without finding and alternative and porting to it. I am aware of no XPath implementations via Xerces at this point. > The xalan project appears dead, is there a plan to move to an active >project? Any pointers to one? Not that I'm going to do the work, but even having a place to point would be better. Note that XML Signature in current form requires at least XPath 1, and support for the XPath 2 filter is separate and optional. So a 2-only library wouldn't work. -- Scott