This activity is now closed. The information on this page is provided for historical purposes only.


XSLTProc describes a distributed model of lightweight open-source web services to manage the risk of running arbitrary XSL stylesheets.


Extensible Stylesheet Transformations (XSLT) are powerful tools for decoupling content from presentation, performing schema crosswalks, and enriching XML content. As described in the XSLT specification, however, stylesheets are vulnerable to denial of service security risks. In most cases, applications know and trust the stylesheets they use. Some applications, though, may need to accommodate arbitrary stylesheets that expose them to the denial of service risk. The XSLTProc model allows applications to delegate arbitrary XSL processing requests to a network of XSLT processor web services that are willing to assume this risk for particular stylesheets.

The XSLTProc model is based on two types of web services:

  • XSLTProc - A J2EE webapp that couples an off-the-shelf XSLT processor with an SRW/U catalog of XSL stylesheets the processor is willing to perform. This service is invoked with the same basic arguments you would use to invoke an XSLT processor from the command line.
  • XSLTDelegate - A J2EE webapp that couples an HTTP redirection service with an SRW/U union catalog of XSL stylesheets harvested from a network of XSLTProc installations. The arguments for this service are the same as for XSLTProc.

The hope is that interested parties will download and install XSLTProc and catalog the XSL stylesheets they use and trust. XSL processing requests from anywhere on the web can then be sent to these installations thus shifting the risk to the party running the XSLTProc installation.

Obviously, a client application wouldn't want to invoke one XSLTProc installation after another until it found one willing to process some stylesheet. To compensate, XSLTProc catalogs are OAI-harvestable. The XSLTDelegate service is designed to harvest these catalogs and then act as a front-end for the related XSLTProc installations. XSL processing requests can be sent to XSLTDelegate just as they could to a particular XSLTProc. Instead of performing the transform itself, however, XSLTDelegate redirects the request to a willing XSLTProc installation it finds in its union catalog.

Related Projects



Project team