JFYI (there are some streaming implemenation in the academia field , they are not using stax, but may provide idea for you)
A streaming validation model for soap digital signature http://www.cs.indiana.edu/~welu/c14n_hpdc05.pdf A Stream-based Implementation of XML Encryption http://portal.acm.org/ft_gateway.cfm?id=764795&type=pdf Improving WS-Security Performance with a Template-Based Approach http://doi.ieeecomputersociety.org/10.1109/ICWS.2005.70 On Thu, 9 Feb 2006, Chris Black wrote: > Hello all, > I've been trying to get a stream-based implementation of just the core > parts of the xml signature spec I need for my applications. I recently > researched a bunch of alternatives to dom/jdom which is what we used to > use and was causing performance problems, I ended up going with stax. > Anyway, I have been working on a hacked up proof of concept using stax > and only implementing enveloped dsa signatures including keyinfo and > making some progress. Right now I am not using standard canonicalization > because I was unable to find an easy way to do this in stax w/o writing > it myself (which I may do in the future). > I saw in the mailing list archives back in November that Raul Benito > mentioned perhaps working on a stax implementation. That path has my > vote :) One of the problems I ran into when trying to reference just > parts of the existing apache xml signature implementation was that many > of the classes don't have a way to use their functionality without using > DOM, so I end up writing my own quick implementations of all the parts I > need. This may of course just be due to my unfamiliarity with the code. > I was wondering if there are any thoughts on how a stax implementation > would fit into the package structure of the existing codebase and if > there had been any further work on stax implementations by anyone. And > also if anyone has tips on efficient canonicalization using > streams/transforms in some way. > > Chris >
