You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Eric Johnson <er...@tibco.com> on 2011/01/21 00:34:24 UTC
Port of XML Security 1.4.4 to GenXDM API
You might have noticed the addition of:
http://code.google.com/a/apache-extras.org/p/santuario-genxdm/
to the "Apache Extras" hosted site.
This project aims to be a fully compatible port of the existing XML
Security APIs that works using the GenXDM APIs that we've been
developing, instead of DOM. We brought the GenXDM project
<http://code.google.com/p/genxdm/> to the attention of the Apache
Incubator some time back (we called in gXML at the time
<http://wiki.apache.org/incubator/gXMLProposal>).
Our overall aim is to bring GenXDM back to Apache for incubation, so
that ports of libraries like XML Security can then build on top of the
capabilities of GenXDM. To that end, we've done this particular port to
attract interest, and to prove out the potential, and the capabilities.
We have, with this port, demonstrated the ability to use the full
functionality of the XML Security library over non-DOM XML trees,
including a new set of tests that verify using non-DOM trees with the
updated XML Security APIs.
Please come look at what we've got! Let us know what you think. Better
yet, join the GenXDM project, and help us make it a success!
-Eric.
Re: Port of XML Security 1.4.4 to GenXDM API
Posted by Eric Johnson <er...@tibco.com>.
This is a follow-up email. I know at least one person on this list
expressed some small interest in the port.
So I wanted to check to see if anyone had any feedback on our port, or
feedback that they just hadn't gotten around to writing in an email.
-Eric
On 1/20/11 3:34 PM, Eric Johnson wrote:
> You might have noticed the addition of:
>
> http://code.google.com/a/apache-extras.org/p/santuario-genxdm/
>
> to the "Apache Extras" hosted site.
>
> This project aims to be a fully compatible port of the existing XML
> Security APIs that works using the GenXDM APIs that we've been
> developing, instead of DOM. We brought the GenXDM project
> <http://code.google.com/p/genxdm/> to the attention of the Apache
> Incubator some time back (we called in gXML at the time
> <http://wiki.apache.org/incubator/gXMLProposal>).
>
> Our overall aim is to bring GenXDM back to Apache for incubation, so
> that ports of libraries like XML Security can then build on top of the
> capabilities of GenXDM. To that end, we've done this particular port
> to attract interest, and to prove out the potential, and the capabilities.
>
> We have, with this port, demonstrated the ability to use the full
> functionality of the XML Security library over non-DOM XML trees,
> including a new set of tests that verify using non-DOM trees with the
> updated XML Security APIs.
>
> Please come look at what we've got! Let us know what you think.
> Better yet, join the GenXDM project, and help us make it a success!
>
> -Eric.
>
Re: Port of XML Security 1.4.4 to GenXDM API
Posted by Eric Johnson <er...@tibco.com>.
Hi Sean,
On 1/26/11 1:32 PM, Sean Mullan wrote:
> On 1/26/11 2:08 PM, Eric Johnson wrote:
>> Hi Sean,
>>
>> On 1/26/11 10:26 AM, Sean Mullan wrote:
>>> On 1/25/11 12:07 PM, Eric Johnson wrote:
>>>> Hi Sean,
>>>>
>>>> Excellent!
>>>>
>>>> I forgot to mention one very significant detail in my original email:
>>>>
>>>> Using a non-DOM implementation can be significantly faster. Just
>>>> looking at the
>>>> timing of the matching test cases, the non-DOM XML tree we've got
>>>> running looks
>>>> to run the test cases against the XML Security library
>>>> approximately 30% faster,
>>>> at least that was a pattern I noticed a while back.
>>>
>>> Great. I haven't looked at your code yet, but did you implement a
>>> JSR 105
>>> provider using GenXDM? When we designed the JSR 105 API, one of our
>>> goals was
>>> to design it so that non-DOM implementations could be plugged in. I
>>> would be
>>> curious as to your experience with that and how well the API fit
>>> your needs.
>>
>> I'm guessing that would be this issue:
>> http://code.google.com/a/apache-extras.org/p/santuario-genxdm/issues/detail?id=10
>>
>>
>> I certainly had to touch that code. For JDK 1.6 compatibility, I
>> renamed the
>> implementation from org.jcp.... to org.apache.jcp.... Given what I've
>> seen, I
>> think writing the support will go pretty quickly.
>>
>> I suspect the real work here is that duplicating all the test cases
>> that use the
>> existing JSR 105 code, but instead of using DOM, will have to use
>> GenXDM.
>
> Right, the work you did to port the org.jcp code to use GenXDM is
> definitely needed, but to be able to plug into the JSR 105 API, I
> believe you'll also need to create a "GenXDM" XMLSignatureFactory
> implementation and additional subclasses of the JSR 105 API (similar
> to those in the javax.xml.crypto.dom and javax.xml.crypto.dsig.dom
> packages). Basically, I think the goal would be to make the JSR 105
> samples in the Santuario samples work properly with your
> implementation. Let me know if that makes sense.
Yes, absolutely. That's about where my understanding has been at. I've
just not gotten around to that, hence the bug I filed against myself....
Thanks for checking.
-Eric.
>
> --Sean
>
>>
>> I was inspired by your questions to throw together a page describing
>> some of the
>> key differences of this port from the official project:
>>
>> http://code.google.com/a/apache-extras.org/p/santuario-genxdm/wiki/DifferencesFromSantuario
>>
>>
>>
>> -Eric.
>>>
>>> --Sean
>>>
>>>>
>>>> -Eric.
>>>>
>>>> On 1/25/11 8:16 AM, Sean Mullan wrote:
>>>>> Thanks for sending the link to your project, it sounds interesting
>>>>> and I will
>>>>> try to check it out in more detail when I have more time.
>>>>>
>>>>> --Sean
>>>>>
>>>>> On 1/20/11 6:34 PM, Eric Johnson wrote:
>>>>>> You might have noticed the addition of:
>>>>>>
>>>>>> http://code.google.com/a/apache-extras.org/p/santuario-genxdm/
>>>>>>
>>>>>> to the "Apache Extras" hosted site.
>>>>>>
>>>>>> This project aims to be a fully compatible port of the existing
>>>>>> XML Security
>>>>>> APIs that works using the GenXDM APIs that we've been developing,
>>>>>> instead of
>>>>>> DOM. We brought the GenXDM project
>>>>>> <http://code.google.com/p/genxdm/> to the
>>>>>> attention of the Apache Incubator some time back (we called in
>>>>>> gXML at the
>>>>>> time
>>>>>> <http://wiki.apache.org/incubator/gXMLProposal>).
>>>>>>
>>>>>> Our overall aim is to bring GenXDM back to Apache for incubation,
>>>>>> so that
>>>>>> ports
>>>>>> of libraries like XML Security can then build on top of the
>>>>>> capabilities of
>>>>>> GenXDM. To that end, we've done this particular port to attract
>>>>>> interest,
>>>>>> and to
>>>>>> prove out the potential, and the capabilities.
>>>>>>
>>>>>> We have, with this port, demonstrated the ability to use the full
>>>>>> functionality
>>>>>> of the XML Security library over non-DOM XML trees, including a
>>>>>> new set of
>>>>>> tests
>>>>>> that verify using non-DOM trees with the updated XML Security APIs.
>>>>>>
>>>>>> Please come look at what we've got! Let us know what you think.
>>>>>> Better yet,
>>>>>> join
>>>>>> the GenXDM project, and help us make it a success!
>>>>>>
>>>>>> -Eric.
>>>>>>
Re: Port of XML Security 1.4.4 to GenXDM API
Posted by Sean Mullan <se...@oracle.com>.
On 1/26/11 2:08 PM, Eric Johnson wrote:
> Hi Sean,
>
> On 1/26/11 10:26 AM, Sean Mullan wrote:
>> On 1/25/11 12:07 PM, Eric Johnson wrote:
>>> Hi Sean,
>>>
>>> Excellent!
>>>
>>> I forgot to mention one very significant detail in my original email:
>>>
>>> Using a non-DOM implementation can be significantly faster. Just looking at the
>>> timing of the matching test cases, the non-DOM XML tree we've got running looks
>>> to run the test cases against the XML Security library approximately 30% faster,
>>> at least that was a pattern I noticed a while back.
>>
>> Great. I haven't looked at your code yet, but did you implement a JSR 105
>> provider using GenXDM? When we designed the JSR 105 API, one of our goals was
>> to design it so that non-DOM implementations could be plugged in. I would be
>> curious as to your experience with that and how well the API fit your needs.
>
> I'm guessing that would be this issue:
> http://code.google.com/a/apache-extras.org/p/santuario-genxdm/issues/detail?id=10
>
> I certainly had to touch that code. For JDK 1.6 compatibility, I renamed the
> implementation from org.jcp.... to org.apache.jcp.... Given what I've seen, I
> think writing the support will go pretty quickly.
>
> I suspect the real work here is that duplicating all the test cases that use the
> existing JSR 105 code, but instead of using DOM, will have to use GenXDM.
Right, the work you did to port the org.jcp code to use GenXDM is definitely
needed, but to be able to plug into the JSR 105 API, I believe you'll also need
to create a "GenXDM" XMLSignatureFactory implementation and additional
subclasses of the JSR 105 API (similar to those in the javax.xml.crypto.dom and
javax.xml.crypto.dsig.dom packages). Basically, I think the goal would be to
make the JSR 105 samples in the Santuario samples work properly with your
implementation. Let me know if that makes sense.
--Sean
>
> I was inspired by your questions to throw together a page describing some of the
> key differences of this port from the official project:
>
> http://code.google.com/a/apache-extras.org/p/santuario-genxdm/wiki/DifferencesFromSantuario
>
>
> -Eric.
>>
>> --Sean
>>
>>>
>>> -Eric.
>>>
>>> On 1/25/11 8:16 AM, Sean Mullan wrote:
>>>> Thanks for sending the link to your project, it sounds interesting and I will
>>>> try to check it out in more detail when I have more time.
>>>>
>>>> --Sean
>>>>
>>>> On 1/20/11 6:34 PM, Eric Johnson wrote:
>>>>> You might have noticed the addition of:
>>>>>
>>>>> http://code.google.com/a/apache-extras.org/p/santuario-genxdm/
>>>>>
>>>>> to the "Apache Extras" hosted site.
>>>>>
>>>>> This project aims to be a fully compatible port of the existing XML Security
>>>>> APIs that works using the GenXDM APIs that we've been developing, instead of
>>>>> DOM. We brought the GenXDM project <http://code.google.com/p/genxdm/> to the
>>>>> attention of the Apache Incubator some time back (we called in gXML at the
>>>>> time
>>>>> <http://wiki.apache.org/incubator/gXMLProposal>).
>>>>>
>>>>> Our overall aim is to bring GenXDM back to Apache for incubation, so that
>>>>> ports
>>>>> of libraries like XML Security can then build on top of the capabilities of
>>>>> GenXDM. To that end, we've done this particular port to attract interest,
>>>>> and to
>>>>> prove out the potential, and the capabilities.
>>>>>
>>>>> We have, with this port, demonstrated the ability to use the full
>>>>> functionality
>>>>> of the XML Security library over non-DOM XML trees, including a new set of
>>>>> tests
>>>>> that verify using non-DOM trees with the updated XML Security APIs.
>>>>>
>>>>> Please come look at what we've got! Let us know what you think. Better yet,
>>>>> join
>>>>> the GenXDM project, and help us make it a success!
>>>>>
>>>>> -Eric.
>>>>>
Re: Port of XML Security 1.4.4 to GenXDM API
Posted by Eric Johnson <er...@tibco.com>.
Hi Sean,
On 1/26/11 10:26 AM, Sean Mullan wrote:
> On 1/25/11 12:07 PM, Eric Johnson wrote:
>> Hi Sean,
>>
>> Excellent!
>>
>> I forgot to mention one very significant detail in my original email:
>>
>> Using a non-DOM implementation can be significantly faster. Just
>> looking at the
>> timing of the matching test cases, the non-DOM XML tree we've got
>> running looks
>> to run the test cases against the XML Security library approximately
>> 30% faster,
>> at least that was a pattern I noticed a while back.
>
> Great. I haven't looked at your code yet, but did you implement a JSR
> 105 provider using GenXDM? When we designed the JSR 105 API, one of
> our goals was to design it so that non-DOM implementations could be
> plugged in. I would be curious as to your experience with that and how
> well the API fit your needs.
I'm guessing that would be this issue:
http://code.google.com/a/apache-extras.org/p/santuario-genxdm/issues/detail?id=10
I certainly had to touch that code. For JDK 1.6 compatibility, I renamed
the implementation from org.jcp.... to org.apache.jcp.... Given what
I've seen, I think writing the support will go pretty quickly.
I suspect the real work here is that duplicating all the test cases that
use the existing JSR 105 code, but instead of using DOM, will have to
use GenXDM.
I was inspired by your questions to throw together a page describing
some of the key differences of this port from the official project:
http://code.google.com/a/apache-extras.org/p/santuario-genxdm/wiki/DifferencesFromSantuario
-Eric.
>
> --Sean
>
>>
>> -Eric.
>>
>> On 1/25/11 8:16 AM, Sean Mullan wrote:
>>> Thanks for sending the link to your project, it sounds interesting
>>> and I will
>>> try to check it out in more detail when I have more time.
>>>
>>> --Sean
>>>
>>> On 1/20/11 6:34 PM, Eric Johnson wrote:
>>>> You might have noticed the addition of:
>>>>
>>>> http://code.google.com/a/apache-extras.org/p/santuario-genxdm/
>>>>
>>>> to the "Apache Extras" hosted site.
>>>>
>>>> This project aims to be a fully compatible port of the existing XML
>>>> Security
>>>> APIs that works using the GenXDM APIs that we've been developing,
>>>> instead of
>>>> DOM. We brought the GenXDM project
>>>> <http://code.google.com/p/genxdm/> to the
>>>> attention of the Apache Incubator some time back (we called in gXML
>>>> at the time
>>>> <http://wiki.apache.org/incubator/gXMLProposal>).
>>>>
>>>> Our overall aim is to bring GenXDM back to Apache for incubation,
>>>> so that ports
>>>> of libraries like XML Security can then build on top of the
>>>> capabilities of
>>>> GenXDM. To that end, we've done this particular port to attract
>>>> interest, and to
>>>> prove out the potential, and the capabilities.
>>>>
>>>> We have, with this port, demonstrated the ability to use the full
>>>> functionality
>>>> of the XML Security library over non-DOM XML trees, including a new
>>>> set of tests
>>>> that verify using non-DOM trees with the updated XML Security APIs.
>>>>
>>>> Please come look at what we've got! Let us know what you think.
>>>> Better yet, join
>>>> the GenXDM project, and help us make it a success!
>>>>
>>>> -Eric.
>>>>
Re: Port of XML Security 1.4.4 to GenXDM API
Posted by Sean Mullan <se...@oracle.com>.
On 1/25/11 12:07 PM, Eric Johnson wrote:
> Hi Sean,
>
> Excellent!
>
> I forgot to mention one very significant detail in my original email:
>
> Using a non-DOM implementation can be significantly faster. Just looking at the
> timing of the matching test cases, the non-DOM XML tree we've got running looks
> to run the test cases against the XML Security library approximately 30% faster,
> at least that was a pattern I noticed a while back.
Great. I haven't looked at your code yet, but did you implement a JSR 105
provider using GenXDM? When we designed the JSR 105 API, one of our goals was to
design it so that non-DOM implementations could be plugged in. I would be
curious as to your experience with that and how well the API fit your needs.
--Sean
>
> -Eric.
>
> On 1/25/11 8:16 AM, Sean Mullan wrote:
>> Thanks for sending the link to your project, it sounds interesting and I will
>> try to check it out in more detail when I have more time.
>>
>> --Sean
>>
>> On 1/20/11 6:34 PM, Eric Johnson wrote:
>>> You might have noticed the addition of:
>>>
>>> http://code.google.com/a/apache-extras.org/p/santuario-genxdm/
>>>
>>> to the "Apache Extras" hosted site.
>>>
>>> This project aims to be a fully compatible port of the existing XML Security
>>> APIs that works using the GenXDM APIs that we've been developing, instead of
>>> DOM. We brought the GenXDM project <http://code.google.com/p/genxdm/> to the
>>> attention of the Apache Incubator some time back (we called in gXML at the time
>>> <http://wiki.apache.org/incubator/gXMLProposal>).
>>>
>>> Our overall aim is to bring GenXDM back to Apache for incubation, so that ports
>>> of libraries like XML Security can then build on top of the capabilities of
>>> GenXDM. To that end, we've done this particular port to attract interest, and to
>>> prove out the potential, and the capabilities.
>>>
>>> We have, with this port, demonstrated the ability to use the full functionality
>>> of the XML Security library over non-DOM XML trees, including a new set of tests
>>> that verify using non-DOM trees with the updated XML Security APIs.
>>>
>>> Please come look at what we've got! Let us know what you think. Better yet, join
>>> the GenXDM project, and help us make it a success!
>>>
>>> -Eric.
>>>
Re: Port of XML Security 1.4.4 to GenXDM API
Posted by Eric Johnson <er...@tibco.com>.
Hi Sean,
Excellent!
I forgot to mention one very significant detail in my original email:
Using a non-DOM implementation can be significantly faster. Just
looking at the timing of the matching test cases, the non-DOM XML tree
we've got running looks to run the test cases against the XML Security
library approximately 30% faster, at least that was a pattern I noticed
a while back.
-Eric.
On 1/25/11 8:16 AM, Sean Mullan wrote:
> Thanks for sending the link to your project, it sounds interesting and
> I will try to check it out in more detail when I have more time.
>
> --Sean
>
> On 1/20/11 6:34 PM, Eric Johnson wrote:
>> You might have noticed the addition of:
>>
>> http://code.google.com/a/apache-extras.org/p/santuario-genxdm/
>>
>> to the "Apache Extras" hosted site.
>>
>> This project aims to be a fully compatible port of the existing XML
>> Security
>> APIs that works using the GenXDM APIs that we've been developing,
>> instead of
>> DOM. We brought the GenXDM project <http://code.google.com/p/genxdm/>
>> to the
>> attention of the Apache Incubator some time back (we called in gXML
>> at the time
>> <http://wiki.apache.org/incubator/gXMLProposal>).
>>
>> Our overall aim is to bring GenXDM back to Apache for incubation, so
>> that ports
>> of libraries like XML Security can then build on top of the
>> capabilities of
>> GenXDM. To that end, we've done this particular port to attract
>> interest, and to
>> prove out the potential, and the capabilities.
>>
>> We have, with this port, demonstrated the ability to use the full
>> functionality
>> of the XML Security library over non-DOM XML trees, including a new
>> set of tests
>> that verify using non-DOM trees with the updated XML Security APIs.
>>
>> Please come look at what we've got! Let us know what you think.
>> Better yet, join
>> the GenXDM project, and help us make it a success!
>>
>> -Eric.
>>
Re: Port of XML Security 1.4.4 to GenXDM API
Posted by Sean Mullan <se...@oracle.com>.
Thanks for sending the link to your project, it sounds interesting and I will
try to check it out in more detail when I have more time.
--Sean
On 1/20/11 6:34 PM, Eric Johnson wrote:
> You might have noticed the addition of:
>
> http://code.google.com/a/apache-extras.org/p/santuario-genxdm/
>
> to the "Apache Extras" hosted site.
>
> This project aims to be a fully compatible port of the existing XML Security
> APIs that works using the GenXDM APIs that we've been developing, instead of
> DOM. We brought the GenXDM project <http://code.google.com/p/genxdm/> to the
> attention of the Apache Incubator some time back (we called in gXML at the time
> <http://wiki.apache.org/incubator/gXMLProposal>).
>
> Our overall aim is to bring GenXDM back to Apache for incubation, so that ports
> of libraries like XML Security can then build on top of the capabilities of
> GenXDM. To that end, we've done this particular port to attract interest, and to
> prove out the potential, and the capabilities.
>
> We have, with this port, demonstrated the ability to use the full functionality
> of the XML Security library over non-DOM XML trees, including a new set of tests
> that verify using non-DOM trees with the updated XML Security APIs.
>
> Please come look at what we've got! Let us know what you think. Better yet, join
> the GenXDM project, and help us make it a success!
>
> -Eric.
>