Skip to Main Content
The XML signature specification provides a rich and flexible message signature model for XML documents, and it has been adopted by SOAP applications to provide message-level security. However, the XML signature design introduces a number of complex processing steps, such as canonicalization and XPath filtering, that often lead to performance and scalability problems when encountering extremes of size and rate in the processing of XML. In this paper, we focus on the performance of validating large signed XML messages, as might be sent by a scientific application using grid Web services. We present the design and implementation of the GHPX/SSSV system for the streaming validation of SOAP digital signature. Our model consists of a streaming canonicalization and optimized SOAP signature validation. We present an empirical study of the performance characteristics of these streaming validation features. Based on our evaluations we conclude that the streaming validation model can not only provide high performance, but is also memory efficient.