Thanks a lot Sean :D
Regards
Dave Garcia
-Mensaje original-
De: Sean Mullan [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 01 de septiembre de 2005 14:29
Para: security-dev@xml.apache.org
Asunto: Re: Signature validation issues
The JSR 105 API which will be added to the next (1.4) relea
The JSR 105 API which will be added to the next (1.4) release of Apache
XMLSec allows you to determine whether an invalid signature was caused
by a signature value that failed to verify and/or if one or more of the
reference digests failed to match.
--Sean
David Garcia wrote:
Hi,
My name
Hi,
My name is David Garcia and I’m
developing an XmlSignature Validation engine. In the
first step it uses apache security framework to check signature’s
correctness and when the signature is valid there’s no problem but when
there’s a problem with something (like a bad hash, invalid S
I would doubt if WSS4J works with this type of messages. We use
DOM, XML-SEC uses DOM, and Xalan uses DOM too. Also during the
processing of the message there is a need to perform cannonicalization.
IMHO, the current c14n implementation requires to have the
full document as DOM in memory.
I'm not
