Scott,
Thank you for your detailed response. The XML parser is not an issue for us.
Do you have any opinion on maturity of the toolkits. My opinion is, that
xmllib is more mature and stable. On the other hand it looks like, that
Apache project is more alive (judging from the mailing list, bugs,...).
Thanks again,
Amiler
From: "Scott Cantor" <[EMAIL PROTECTED]>
Reply-To: security-dev@xml.apache.org
To: <security-dev@xml.apache.org>
Subject: RE: Xmlsec vs. ApacheSecurity project
Date: Mon, 13 Feb 2006 20:39:44 -0500
I've used both, out of necessity because the Apache version didn't exist
yet. The real issue is the parser. xmlsec is libxml2-based, while Apache is
Xerces-based. That should be the determining factor for most applications,
IMHO. libxml2 and xmlsec are C-based, while the Apache/Xerces tools are
C++-based.
I found xmlsec much harder to use with much more verbose code (mainly
because it's in C), and it tried to do way too much for me in the area of
certificate evaluation, something Apache leaves entirely to me. That alone
put me off it.
Neither was terrifically documented, but that's par for the course. I will
say I haven't used the encryption support in either library.
But xmlsec is more common (C is more common than C++) and seems to be more
widely used. That's probably always going to be true of any C vs. C++
comparison.
I looked at it from the point of view that if Berin (the main committer)
dropped the project, I felt I could handle the Apache code base myself
internally if I had to. I was in no way willing to do that with xlmsec.
Just my thoughts.
-- Scott
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
