Position Presentation for Next Step for XML Signature and Encryption

About XimpleWare

  • XimpleWare is a provider of high performance XML processing solutions


  • Mission: Accelerate the world-wide adoption of SOA, one XML message at a time


  • Technology: Non-extractive Parsing for semi-nstructured data (e.g. XML, JSON, and future formats)


  • Our current product: VTD-XML (Virtual Token Descriptor based XML processing)
The Performance Issue
XML Signature and XML Encryption have significant performance issues:
There are at least two ways to look at those issues:
  • Blame CPU, memory, networks for not being fast enough, and ultimately the laws of physics for being not accommodating


  • Or (more practically) come to terms with reality and blame the design of those specs
XML Canonicalization: The Culprit 
The slow performance of XML security is not an implementation issue, but a design issue:
  • C14n is too complex


  • Complexity implies processing overhead


  • C14n is a problem that has no (satisfactory) solutions
Plus, C14n seems to serve a purpose (comparing documents)quite different from XML security.
The Problems of XML Info-Set
C14n largely inherits XML Info-set's problem
  • Lightly put, XML infoset is a redundant addition to XML that is already complete in its own right


  • More seriously, XML infoset specifies a set of behaviors (on how to parse XML in DOM) that are inherently CPU and memory intensive (essentially DOM's problem)

Infoset's biggest problem: it causes the specs to be designed top-down (by starting with a concept that is questionable in the first place, e.g. perpetual motion machine, CORBA, etc).


Time to Think Bottom-Up
Guide the design process by the constraints, weaknesses, and limitations of the building blocks.
Several ways to think about this approach:
  • Be proactive: look for road-blocks and show-stoppers before they do any damage
  • A better way to find what works may be to simply avoid what doesn't work (e.g. avoid building air castle)
  • Do what the laws of nature allow
Our experience building VTD-XML bottom-up
  • Determine an efficent tree representation (VTD, LCs)
  • Then determine an API that fits that representation
How to Enhance XML Security
Preliminary Thoughts
  • Think of XML as syntax, and simplify it (i.e. focusing on the SOAP subset).
  • Embrace the weaknesses and limitations of XML and the digital system.
  • Keep the design simple.
  • Every cycle matters, so does every bit.
  • Don't under-do it, don't over-do it, do it just right. 
Good performance should come as a result.

And ultimately the design should obey the laws of physics (not the other way around).

Previous slide Next slide Hide toolbar