On 3/30/11 7:39 PM, "Philip Black-Knight" <[email protected]> wrote: >I'm looking into using santaurio in a application, but the disclaimers >regarding xalan make me a little nervous.
They should, they'd certainly make me nervous. >We'd like to be able to add signatures to a document and allow the >document to get added to some other DOM tree and keep the signature >valid. I've been able to do this using an xmldsig-filter2 intersect >filter and the xpath expression "here():/ancestor::RootNode". A sample >document seems to work with the txfmout test program. An alternative to XPath, provided you have ID attributes and some application protection against wrapping attacks, is ID-based referencing of the object. >My understanding is that santaurio uses xalan-c to perform the >xmldsig-filter2 filtering and I was wondering if anyone knows of problems >with this. Is there an alternative? Not without finding and alternative and porting to it. I am aware of no XPath implementations via Xerces at this point. > The xalan project appears dead, is there a plan to move to an active >project? Any pointers to one? Not that I'm going to do the work, but even having a place to point would be better. Note that XML Signature in current form requires at least XPath 1, and support for the XPath 2 filter is separate and optional. So a 2-only library wouldn't work. -- Scott
