Werner A group of four students from the University of Morutuwa built a WS-Security implementation architected directly on top of Axiom as their final year project. Saliya (copied) is one of them, plus Sameera, Isuru and Kalani. (Forgive me for excluding their surnames). They called this "Rampart2" as a code-name, but of course naming would need to be decided by the community. AFAIK they intend to contribute this to the WS project - and the contribution of canonicalization into Axiom is the first step they have taken.
My understanding is that they have submitted a paper on this to the IITC conference, so the paper will be published at the end of the month. In the meantime, if you contact Saliya, I'm sure he can share a pre-press version. Saliya also mentioned he is planning to share some results in a blog. Paul On Thu, Oct 16, 2008 at 7:49 AM, Dittmann, Werner (NSN - DE/Munich) <[EMAIL PROTECTED]> wrote: > Paul, > > a link to this work would be nice :-) , > > Regards, > Werner > >> -----Original Message----- >> From: ext Paul Fremantle [mailto:[EMAIL PROTECTED] >> Sent: Thursday, October 16, 2008 8:37 AM >> To: Dennis Sosnoski >> Cc: Colm O hEigeartaigh; Werner Dittmann; jimmy Zhang; >> [EMAIL PROTECTED]; [email protected]; [EMAIL PROTECTED] >> Subject: Re: WSS4J 1.5.4 Encryption Performance Question >> >> Dennis >> >> I don't know about *just* canonicalization, but the team built a >> complete version of WS-Security on top of Axiom and in their tests the >> overall speedup ranged from 1.7-3x faster on various scenarios and >> message sizes. >> >> Paul >> >> On Thu, Oct 16, 2008 at 7:29 AM, Dennis Sosnoski >> <[EMAIL PROTECTED]> wrote: >> > Hi Paul, >> > >> > I don't think that C14N support in Axiom is likely to be of >> much direct >> > benefit for performance. Axiom is slower and more >> memory-intensive than >> > standard DOM implementations when a document model needs to >> be build - its >> > advantage is that barring signing and such, most times you >> can get away >> > without the need for a document model - so I don't see that >> using Axiom >> > rather than a standard DOM is really going to help. >> > >> > The exception would be cases where only some tokens in the >> header are being >> > signed, which is actually the case that started this >> discussion. If the >> > Axiom+Rampart+WSS4J combination is smart enough to only >> build the Axiom DOM >> > for the header tokens that are being signed, this should >> give much better >> > performance than when the entire message has to be >> converted to a DOM. >> > >> > I look forward to comparing the performance using Axiom >> C14N vs. using >> > standard DOM, and will give this a try as soon as it >> becomes an option in >> > the configuration. >> > >> > - Dennis >> > >> > >> > Paul Fremantle wrote: >> >>> >> >>> IMO >> >>> C14N (in the case of signature) and DOM are the main culprits for >> >>> performance as far as WSS4J is concerned, not PKC. >> >>> >> >> >> >> I believe that some students have built out C14N directly >> in Axiom and >> >> are planning to contribute it to Axiom shortly. That >> should make a big >> >> difference. >> >> >> >> Paul >> >> >> >> >> > >> >> >> >> -- >> Paul Fremantle >> Co-Founder and CTO, WSO2 >> Apache Synapse PMC Chair >> OASIS WS-RX TC Co-chair >> >> blog: http://pzf.fremantle.org >> [EMAIL PROTECTED] >> >> "Oxygenating the Web Service Platform", www.wso2.com >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > -- Paul Fremantle Co-Founder and CTO, WSO2 Apache Synapse PMC Chair OASIS WS-RX TC Co-chair blog: http://pzf.fremantle.org [EMAIL PROTECTED] "Oxygenating the Web Service Platform", www.wso2.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
