[Fwd: [jdom-interest] Signing a JDOM Document]
per.norrman at austers.se
Thu Dec 2 08:47:09 PST 2004
Alistair Young wrote:
> You're a nice person Per :) I certainly have a business case for signing
> JDOM docs. Interesting point arises though - the whole point of signing is
> to transmit on the wire to something else. Something that probably doesn't
> speak JDOM. So you still have to convert to w3c to be interoperable.
Not sure what you mean by 'convert to w3c'. Do you mean serializing a JDOM
document to XML?
Having a standard like XML signature enables interoperability
between different implementations. If jdom-dsig is compliant, it will be able
to verify documents signed by other implementations, e.g. XML Security from
apache (http://xml.apache.org/security/); and other implementations will
be able to verify documents signed by jdom-dsig. And of course, the suff that
jdom-dsig implements is compliant.
> I'm in the same boat as you Per, learning about Java security.
> It would certainly be nice to be JDOM on either side, with w3c between, on
> the wire.
> Are there any benchmark comparisons between the memory footprints of JDOM
> vs w3c Documents?
I cannot recall any. But the point of jdom-dsig is that if you work with XML
and JDOM and has a need to sign or verify XML Signatures, it would be very
convenient to do it directly for the JDOM Document.
More information about the jdom-interest