110 likes | 259 Views
XML Security Processing With VTD-XML. Jimmy Zhang XimpleWare Feb-18, 10:05am. XML Security: The definition. XML Security refers to the set of practices to ensure the security and authenticity of XML/SOAP payload. Is mostly XML message processing
E N D
XML Security Processing With VTD-XML Jimmy Zhang XimpleWare Feb-18, 10:05am
XML Security: The definition • XML Security refers to the set of practices to ensure the security and authenticity of XML/SOAP payload. • Is mostly XML message processing • Some common keywords of, or related to, XML security • XML encryption • XML signature • SAML • Single sign on • Essential to the success of Web Services.
Challenges of XML security processing • Existing techniques are based on DOM or SAX • Slow: DOM doesn’t give more than 3~5 MB/sec • Difficult to use: SAX doesn’t build trees in memory, unsuitable for SOAP header processing • But there is more. Consider the following: • No incremental update with either DOM or SAX • Repetitive parsing for every message stop
The Problem Statement • The biggest problem of current XML processing concerns how an XML message is tokenized. • For historical reasons, a token is a string terminated with a NULL. • Tokenize XML this way creates lots of string objects • Object creation is the biggest performance killer • No way to support incremental update
The Solution: Virtual Token Descriptor • Alternative tokenization technique exists, i.e., using offset and length. Object creation cost also can be minimized by using fixed length integers • Virtual Token Descriptor (VTD) is a binary format specifying how to tokenized “non-extractively.” • VTD records are 64-bit integers that encode the starting offset, length, token type and nesting depth of tokens in XML
Benefits of VTD • Potentially very high performance • By reducing per-object memory/processing overhead • Custom ASIC implementation • Memory Resident: Random access possible • Incremental Update • Efficient content extraction • Inherent persistent: Avoid repetitive parsing
Introducing VTD-XML • VTD-XML is the open source (GPL) XML processing API built on the concept of VTD. • Current version 0.8 Hosted at http://vtd-xml.sf.net • Have all the benefits of VTD • Implementation available in both Java and C, delivering 25~35MB/sec sustained parsing performance on a 1.5GHz processor. • Ideally suited for XML security application
VTD-XML’s User Experience • Highest performance parsing available in software • Random access capable meaning user-friendliness • The most efficient when one wants to add, delete or update XML payload • The most efficient to extract content from XML payload • VTD, a natural index of XML, can be sent along with XML itself to avoid repetitive parsing. • ASIC implementation delivers 2Gb/Sec performance.
Case Study 1: Change a single token value • After • Before
Summary • VTD-XML is the next generation XML processing API that fundamentally solves multiple problems of XML security processing.