DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=39029>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39029 ------- Additional Comments From [EMAIL PROTECTED] 2006-03-22 19:56 ------- I have started to review the Stax architecture for xml security submitted in the attachment and have a few comments: 1. Change StaxSignatureVerifcator to StaxSignatureVerifier 2. I don't see how the current structure would work with an XMLStreamReader containing more than one signature, the code seems to start from the current position and seek until end. I think a better "contract" might be that the factory or filtered reader just read until a matching pair of start sig / end sig tags are found. That way the caller could get another sig verified by moving the XMLStreamReader forward themselves. 3. I see plenty of 1.5-isms, this may be ok, but then we need to make sure the documentation is clear that Java 1.5+ is needed to use this part of the library. 4. Unit tests use RSA, which I believe requires a 3rd-party JCE. Perhaps having the unit tests use DSA so they work w/o an external JCE would be better. I also plan to use DSA in my code for this reason (don't want to require a 3rd-party JCE). -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
