The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.
 / 
XML-Compile-WSS-1.00
River stage one • 4 direct dependents • 5 total dependents
2 ++
/ XML::Compile::WSS

NAME

XML::Compile::WSS - OASIS Web Services Security

INHERITANCE

 XML::Compile::WSS is extended by
   XML::Compile::WSS::BasicAuth
   XML::Compile::WSS::Signature
   XML::Compile::WSS::Timestamp

SYNOPSIS

 # This modules van be used "stand-alone" ...
 my $schema = XML::Compile::Cache->new(...);
 my $auth   = XML::Compile::WSS::BasicAuth->new
   (schema => $schema, username => $user, ...);

 # ... or as SOAP slave (strict order of object creation!)
 my $wss    = XML::Compile::SOAP::WSS->new;
 my $wsdl   = XML::Compile::WSDL11->new($wsdlfn);
 my $auth   = $wss->basicAuth(username => $user, ...);

DESCRIPTION

The Web Services Security working group of W3C develops a set of standards which add signatures and encryption to XML.

In its current status, this module supports the following records in the Security header:

Encryption is not yet supported. Please hire me to get it implemented. You will certainly need the constants from XML::Compile::WSS::Util.

METHODS

Constructors

XML::Compile::WSS->new(OPTIONS)
 -Option     --Default
  schema       undef
  version      undef
  wss_version  <required>
schema => XML::Compile::Cache

Add the WSS extension information to the provided schema. If not used, you have to call loadSchemas() before compiling readers and writers.

version => STRING

Alternative for wss_version, but not always as clear.

wss_version => '1.1'|MODULE

[1.0] Explicitly state which version WSS needs to be produced. You may use a version number. You may also use the MODULE name, which is a namespace constant, provided via ::Util. The only option is currently WSS11MODULE.

Attributes

$obj->schema()
$obj->version()

Returns the version number.

Internals

$obj->dateTime(TIME|STRING|HASH)

Returns a structure which can be used as timestamp, for instance in Created and Expires fields. This helper function will help you use these timestamp fields correctly.

The WSU10 specification defines a free format timestamp. Of course, that is very impractical. Typically a "design by committee" decission. Also, the standard does not describe the ValueType field, which is often used to cover this design mistake.

example:

  # Both will get ValueType="$xsd/dateTime"
  Created => time()                 # will get formatted
  Created => '2012-10-14T22:26:21Z' # autodected

  # Explicit formatting
  Created => { _ => 'this Christmas'
             , ValueType => 'http://per6.org/releasedates'
             };

  # No ValueType added
  Created => 'this Christmas'
XML::Compile::WSS->loadSchemas(SCHEMA, VERSION)

SCHEMA must extend XML::Compile::Cache.

The SCHEMA settings will may changed a little. For one, the allow_undeclared flag will be set. Also, any_element will be set to 'ATTEMPT' and mixed_elements to 'STRUCTURAL'.

SEE ALSO

XML Security Generic Hybrid Ciphers

http://www.w3.org/TR/2011/CR-xmlsec-generic-hybrid-20110303/, 3 March 2011

XML Signature Properties

http://www.w3.org/TR/2011/CR-xmldsig-properties-20110303/, 3 March 2011

XML Signature Syntax and Processing Version 1.1

http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/, 3 March 2011

SOAP message security

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf, March 2004

XML Signature Syntax and Processing (Second Edition)

http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/, 10 June 2008

RFC4050 Using the ECDSA for XML Digital Signatures

http://www.ietf.org/rfc/rfc4050.txt, april 2005

RFC4051 Additional XML Security Uniform Resource Identifiers (URIs)

http://www.ietf.org/rfc/rfc4051.txt, april 2005

XML Encryption Syntax and Processing

http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/, 10 December 2002

SEE ALSO

This module is part of XML-Compile-WSS distribution version 1.00, built on October 16, 2012. Website: http://perl.overmeer.net/xml-compile/

Other distributions in this suite: XML::Compile, XML::Compile::SOAP, XML::Compile::SOAP12, XML::Compile::SOAP::Daemon, XML::Compile::SOAP::WSA, XML::Compile::C14N, XML::Compile::WSS, XML::Compile::Tester, XML::Compile::Cache, XML::Compile::Dumper, XML::Compile::RPC, XML::Rewrite, XML::eXistDB, and XML::LibXML::Simple.

Please post questions or ideas to the mailinglist at http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/xml-compile For live contact with other developers, visit the #xml-compile channel on irc.perl.org.

LICENSE

Copyrights 2011-2012 by [Mark Overmeer]. For other contributors see ChangeLog.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See http://www.perl.com/perl/misc/Artistic.html