You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Werner Dittmann <We...@t-online.de> on 2005/09/01 09:08:12 UTC
Re: Using WSS4J for signing large XML messages - crosspost to XML-SEC
I would doubt if WSS4J works with this type of messages. We use
DOM, XML-SEC uses DOM, and Xalan uses DOM too. Also during the
processing of the message there is a need to perform cannonicalization.
IMHO, the current c14n implementation requires to have the
full document as DOM in memory.
I'm not a specialist in c14, but I can imagine that some c14n
algorithms are not possible without having the doc in memory. I'm sure
the c14n-insiders can answer this question.
I crosspost this the the XML-SEC mailing list, because this is
mainly a problem of security handling.
Regards,
Werner
Davanum Srinivas wrote:
> very interesting...what sort of hardware do you run this on currently?
> we haven't tested this large messages. internally yes we use DOM.
> Xerces does have some deferred load capabilities, depends on the jvm
> performance as well. would be worth our time to try this out and see
> if we can help you. let us know. If we see stuff that fails, am
> positive we can get it fixed one way or another (since all components
> in wss4j are open source as well)
>
> thanks,
> dims
>
> On 8/31/05, Idan Miller <id...@actcom.co.il> wrote:
>
>>
>>Hi everyone,
>>
>>Our project uses web services to transfer XML messages that can be of a very
>>large size (up to 100MB).
>>
>>Currently, we are using WSE over IIS for verifying the signing for incoming
>>messages. Due to a problem with WSE loading the XML using a DOM Document
>>(probably due to cannonization), combined with memory being held in the
>>large object heap in .NET, we are unable to transfer very large messages,
>>since we simply run out of memory that doesn't get released.
>>
>>Now that WSS4J is out, we would like to know if this problem will be solved
>>by changing our architecture to use apache axis and WSS4J:
>>
>>How does WSS4J handle large messages?
>>Does it use DOM or does it use a reader (SAX) for cannonization?
>>Also, if it does use DOM, has it been tested for out of memory errors?
>>
>>p.s. we are using X509 certificates for the signing.
>>
>>Thanks,
>>Idan.
>
>
>