Info required on SAX implementation of XML Dgital Signature verification

> Hi all,
>
> We are trying to use the SAX implementation of the XML Digital Signature
> verification. The reason of choosing SAX over DOM is because we are
> having huge files(10-30MB) whose signature needs to be created and
> verified( Also it should be multithreaded). And in the DOM
> implementation we are not able to meet NFRs in the processing time and
> the Memory usage. Using the SAX implementation has reduced the
> processing time and memory usage also but the difference is not huge.
>  Has anyone got any different implementation or way of using the SAX
> parser for the signature validation?
>
>  
>
> I was also looking at the STAX implementation code
> (https://svn.apache.org/repos/asf/xml/security/branches/stax_jsr105/)
> but I found that the branch code itself is incomplete. There are couple
> of missing classes which have been used in it and its giving compilation
> error.
>
> Missing Classes name are –
>
>>com.r_bg.stax.StaxStructure
>
>>com.r_bg.stax.c14n.StaxCanonicalizationMethod
>
>  
>
> Can anyone point out where I can find these classes or how to implement
> these classes?
>
>  
>
> Regards,
>
> Pankaj Kharbe
>
>  
>
> This e-mail and any files transmitted with it are for the sole use of
> the intended recipient(s) and may contain confidential and privileged
> information.
> If you are not the intended recipient, please contact the sender by
> reply e-mail and destroy all copies of the original message.
> Any unauthorised review, use, disclosure, dissemination, forwarding,
> printing or copying of this email or any action taken in reliance on
> this e-mail is strictly
> prohibited and may be unlawful.
>

> It seems like the last time I worked on this, I didn't check in those
> new classes. Let me see if I can find an old workspace and I'll get back
> to you.
>
> --Sean
>
> Pankaj.Kharbe@... wrote:
>> Hi all,
>>
>> We are trying to use the SAX implementation of the XML Digital
>> Signature verification. The reason of choosing SAX over DOM is because
>> we are having huge files(10-30MB) whose signature needs to be created
>> and verified( Also it should be multithreaded). And in the DOM
>> implementation we are not able to meet NFRs in the processing time and
>> the Memory usage. Using the SAX implementation has reduced the
>> processing time and memory usage also but the difference is not huge.
>>  Has anyone got any different implementation or way of using the SAX
>> parser for the signature validation?
>>
>>  
>>
>> I was also looking at the STAX implementation code
>> (https://svn.apache.org/repos/asf/xml/security/branches/stax_jsr105/)
>> but I found that the branch code itself is incomplete. There are
>> couple of missing classes which have been used in it and its giving
>> compilation error.
>>
>> Missing Classes name are –
>>
>>> com.r_bg.stax.StaxStructure
>>
>>> com.r_bg.stax.c14n.StaxCanonicalizationMethod
>>
>>  
>>
>> Can anyone point out where I can find these classes or how to
>> implement these classes?
>>
>>  
>>
>> Regards,
>>
>> Pankaj Kharbe
>>
>>  
>>
>> This e-mail and any files transmitted with it are for the sole use of
>> the intended recipient(s) and may contain confidential and privileged
>> information.
>> If you are not the intended recipient, please contact the sender by
>> reply e-mail and destroy all copies of the original message.
>> Any unauthorised review, use, disclosure, dissemination, forwarding,
>> printing or copying of this email or any action taken in reliance on
>> this e-mail is strictly
>> prohibited and may be unlawful.
>>
>

>> but I found that the branch code itself is incomplete. There are
>> couple of missing classes which have been used in it and its giving
>> compilation error.
>>
>> Missing Classes name are -
>>
>>> com.r_bg.stax.StaxStructure
>>
>>> com.r_bg.stax.c14n.StaxCanonicalizationMethod
>>
>>  
>>
>> Can anyone point out where I can find these classes or how to
>> implement these classes?
>>
>>  
>>
>> Regards,
>>
>> Pankaj Kharbe
>>
>>  
>>
>> This e-mail and any files transmitted with it are for the sole use of

> Sean,
> It would be great if you provide me those classes.
>
> Thanking in anticipation.
>
> Regards,
> Pankaj Kharbe
>
> -----Original Message-----
> From: Sean.Mullan@... [mailto:Sean.Mullan@...]
> Sent: Tuesday, October 13, 2009 11:14 PM
> To: security-dev@...
> Subject: Re: Info required on SAX implementation of XML Dgital Signature
> verification
>
> The difference in memory usage should be noticeable in a streaming
> implementation, especially when validating large signatures. Also, the
> amount of memory used should be fairly constant as the size of the data
> increases.
>
> --Sean
>
> Sean Mullan wrote:
>> It seems like the last time I worked on this, I didn't check in those
>> new classes. Let me see if I can find an old workspace and I'll get
> back
>> to you.
>>
>> --Sean
>>
>> Pankaj.Kharbe@... wrote:
>>> Hi all,
>>>
>>> We are trying to use the SAX implementation of the XML Digital
>>> Signature verification. The reason of choosing SAX over DOM is
> because
>>> we are having huge files(10-30MB) whose signature needs to be created
>
>>> and verified( Also it should be multithreaded). And in the DOM
>>> implementation we are not able to meet NFRs in the processing time
> and
>>> the Memory usage. Using the SAX implementation has reduced the
>>> processing time and memory usage also but the difference is not huge.
>
>>>  Has anyone got any different implementation or way of using the SAX
>>> parser for the signature validation?
>>>
>>>  
>>>
>>> I was also looking at the STAX implementation code
>>> (https://svn.apache.org/repos/asf/xml/security/branches/stax_jsr105/)
>
>>> but I found that the branch code itself is incomplete. There are
>>> couple of missing classes which have been used in it and its giving
>>> compilation error.
>>>
>>> Missing Classes name are -
>>>
>>>> com.r_bg.stax.StaxStructure
>>>> com.r_bg.stax.c14n.StaxCanonicalizationMethod
>>>  
>>>
>>> Can anyone point out where I can find these classes or how to
>>> implement these classes?
>>>
>>>  
>>>
>>> Regards,
>>>
>>> Pankaj Kharbe
>>>
>>>  
>>>
>>> This e-mail and any files transmitted with it are for the sole use of
>
>>> the intended recipient(s) and may contain confidential and privileged
>
>>> information.
>>> If you are not the intended recipient, please contact the sender by
>>> reply e-mail and destroy all copies of the original message.
>>> Any unauthorised review, use, disclosure, dissemination, forwarding,
>>> printing or copying of this email or any action taken in reliance on
>>> this e-mail is strictly
>>> prohibited and may be unlawful.
>>>
>
>
> This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information.
> If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
> Any unauthorised review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly
> prohibited and may be unlawful.