I have been using the xmlsec Java library for quite a while now to digitally sign (and subsequently verify) large (multi-hundred megabyte) XML documents. However, the burden on our resources of the DOM-based strategy has become too much to bear in the attempt to scale our system.

After looking for SAX-based implementations and coming up empty, I made the tough decision to abandon the standard and roll my own. After some research I fairly quickly dismissed SAX as the appropriate mechanism. Instead I decided to use StAX, and specifically the element-based reader/writer support. Using the element-based approach allowed me to get some canonicalization out of the process (enough for my needs), and still maintain the fairly high performance and low memory requirements implied in a StAX implementation.

My question is this: Are there any efforts like this currently going on in the community (none that I could find, outside of a largely untested SAX-based patch)? If not, would there be interest in helping to advance the state of the code I have, and if possible modify it to follow the XML Signature specification?

Currently the code suits my needs, which are very limited, and there would likely be significant effort in bringing it up to spec. However, I feel strongly that a DOM-based implementation can be not much more than a reference implementation if we're ever to make XML signature (and encryption) a part of large-scale enterprise-class systems.

Any comments or criticisms would be much appreciated.

-- rjf
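A sketch of the streaming approach described in the message above, added as an illustration; it is not the poster's code and not part of xmlsec. It assumes a detached RSA signature over the whole document and a simplified event serialization (expanded names, sorted attributes, escaped text) that is not W3C Canonical XML; the class name and sample documents are constructed for the example.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.xml.stream.*;
import javax.xml.stream.events.*;

public class StreamingSignDemo {
    static String esc(String s) { return s.replace("&", "&amp;").replace("<", "&lt;").replace("\"", "&quot;"); }
    static void feed(InputStream in, Signature sig) throws Exception { // holds one event at a time
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false); // DTD processing off
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLEventReader r = f.createXMLEventReader(in);
        while (r.hasNext()) {
            XMLEvent e = r.nextEvent();
            StringBuilder sb = new StringBuilder();
            if (e.isStartElement()) {
                Map<String, String> attrs = new TreeMap<>(); // sorted, so attribute order is irrelevant
                e.asStartElement().getAttributes().forEachRemaining(o ->
                    attrs.put(((Attribute) o).getName().toString(), ((Attribute) o).getValue()));
                sb.append('<').append(e.asStartElement().getName()); // {namespace}local, prefix-independent
                attrs.forEach((k, v) -> sb.append(' ').append(k).append("=\"").append(esc(v)).append('"'));
                sb.append('>');
            } else if (e.isEndElement()) {
                sb.append("</").append(e.asEndElement().getName()).append('>');
            } else if (e.isCharacters()) {
                sb.append(esc(e.asCharacters().getData())); // escaping keeps text distinct from markup
            } // comments, PIs and the XML declaration are not part of the signed form
            sig.update(sb.toString().getBytes(StandardCharsets.UTF_8));
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // throwaway demo key
        String[] docs = { // constructed: original, attributes reordered, value changed
            "<o id=\"7\" cur=\"EUR\"><amt>10</amt></o>", "<o cur=\"EUR\" id=\"7\"><amt>10</amt></o>",
            "<o id=\"7\" cur=\"EUR\"><amt>99</amt></o>"};
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        feed(new ByteArrayInputStream(docs[0].getBytes(StandardCharsets.UTF_8)), s);
        byte[] sig = s.sign();
        for (String d : docs) {
            s.initVerify(kp.getPublic());
            feed(new ByteArrayInputStream(d.getBytes(StandardCharsets.UTF_8)), s);
            System.out.println(s.verify(sig) + "  " + d);
        }
    }
}
```

Whitespace-only text nodes are signed as they appear, so reformatting a document between signing and verification invalidates the signature under this serialization.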
