The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.

NAME

XML::Compile::WSS - OASIS Web Services Security

INHERITANCE

 XML::Compile::WSS is extended by
   XML::Compile::WSS::BasicAuth
   XML::Compile::WSS::Signature
   XML::Compile::WSS::Timestamp

SYNOPSIS

 # This modules van be used "stand-alone" ...
 my $schema = XML::Compile::Cache->new(...);
 my $auth   = XML::Compile::WSS::BasicAuth->new
   (schema => $schema, username => $user, ...);

 # ... or as SOAP slave (strict order of object creation!)
 my $wss    = XML::Compile::SOAP::WSS->new;
 my $wsdl   = XML::Compile::WSDL11->new($wsdlfn);
 my $auth   = $wss->basicAuth(username => $user, ...);

DESCRIPTION

The Web Services Security working group of W3C develops a set of standards which add signatures and encryption to XML.

In its current status, this module implements features in the Security header. One header may contain more than one of these:

You will certainly need the constants from XML::Compile::WSS::Util. Besides, when you want to use Security with SOAP, then use XML::Compile::SOAP::WSS.

METHODS

Constructors

XML::Compile::WSS->new(OPTIONS)
 -Option     --Default
  schema       undef
  version      undef
  wss_version  <required>
schema => an XML::Compile::Cache object

Add the WSS extension information to the provided schema. If not used, you have to call loadSchemas() before compiling readers and writers.

version => STRING

Alternative for wss_version, but not always as clear.

wss_version => '1.1'|MODULE

[1.0] Explicitly state which version WSS needs to be produced. You may use a version number. You may also use the MODULE name, which is a namespace constant, provided via ::Util. The only option is currently WSS11MODULE.

Attributes

$obj->schema()
$obj->version()

Returns the version number.

Helpers

$obj->dateTime(TIME|STRING|HASH)

Returns a structure which can be used as timestamp, for instance in Created and Expires fields. This helper function will help you use these timestamp fields correctly.

The WSU10 specification defines a free format timestamp. Of course, that is very impractical. Typically a "design by committee" decission. Also, the standard does not describe the ValueType field, which is often used to cover this design mistake.

example:

  # Both will get ValueType="$xsd/dateTime"
  Created => time()                 # will get formatted
  Created => '2012-10-14T22:26:21Z' # autodected

  # Explicit formatting
  Created => { _ => 'this Christmas'
             , ValueType => 'http://per6.org/releasedates'
             };

  # No ValueType added
  Created => 'this Christmas'

Internals

XML::Compile::WSS->loadSchemas(SCHEMA, VERSION)

SCHEMA must extend XML::Compile::Cache.

The SCHEMA settings will may changed a little. For one, the allow_undeclared flag will be set. Also, any_element will be set to 'ATTEMPT' and mixed_elements to 'STRUCTURAL'.

DETAILS

Specifications

A huge number of specifications act in this field. Every self respecting company has contributed its own implementation into the field. A lot of this is not supported, but the list of constants should be complete in XML::Compile::WSS::Util.

  • XML Security Generic Hybrid Ciphers

    http://www.w3.org/TR/2011/CR-xmlsec-generic-hybrid-20110303/, 3 March 2011

  • XML Signature Properties

    http://www.w3.org/TR/2011/CR-xmldsig-properties-20110303/, 3 March 2011

  • XML Signature Syntax and Processing Version 1.1

    http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/, 3 March 2011

  • SOAP message security

    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf, March 2004

  • XML Signature Syntax and Processing (Second Edition)

    http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/, 10 June 2008

  • RFC4050 Using the ECDSA for XML Digital Signatures

    http://www.ietf.org/rfc/rfc4050.txt, april 2005

  • RFC4051 Additional XML Security Uniform Resource Identifiers (URIs)

    http://www.ietf.org/rfc/rfc4051.txt, april 2005

  • XML Encryption Syntax and Processing

    http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/, 10 December 2002

SEE ALSO

This module is part of XML-Compile-WSS distribution version 1.01, built on October 18, 2012. Website: http://perl.overmeer.net/xml-compile/

Other distributions in this suite: XML::Compile, XML::Compile::SOAP, XML::Compile::SOAP12, XML::Compile::SOAP::Daemon, XML::Compile::SOAP::WSA, XML::Compile::C14N, XML::Compile::WSS, XML::Compile::Tester, XML::Compile::Cache, XML::Compile::Dumper, XML::Compile::RPC, XML::Rewrite, XML::eXistDB, and XML::LibXML::Simple.

Please post questions or ideas to the mailinglist at http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/xml-compile For live contact with other developers, visit the #xml-compile channel on irc.perl.org.

LICENSE

Copyrights 2011-2012 by [Mark Overmeer]. For other contributors see ChangeLog.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See http://www.perl.com/perl/misc/Artistic.html