NAME

XML::Compile::WSS - OASIS Web Services Security

INHERITANCE

XML::Compile::WSS is extended by
  XML::Compile::SOAP::WSS

SYNOPSIS

my $schema = XML::Compile::Cache->new(...);
my $wss    = XML::Compile::WSS->new(version => '1.1'
  , schema => $schema);

use XML::Compile::WSS::Util ':wss11'

DESCRIPTION

The Web Services Security working group of W3C develops a set of standards which add signatures and encryption to XML.

In its current status, this module supports processing (reading and writing) of the XML meta-data involved, however there is no support for in-file encryption or signature checking (yet).

The examples directory included in the distribution of the module contains examples how to use it. There even is an extended example how to produce these structures (writing), but that is quite difficult where the standard uses "any" elements everywhere.

METHODS

Constructors

XML::Compile::WSS->new(OPTIONS)
-Option --Default
 schema   undef
 version  <required>
schema => XML::Compile::Cache

Add the WSS extension information to the provided schema. If not used, you have to call loadSchemas() before compiling readers and writers.

version => '1.1'|MODULE

Explicitly state which version WSS needs to be produced. You may use a version number. You may also use the MODULE name, which is a namespace constant, provided via ::Util. The only option is currently WSS11MODULE.

Attributes

$obj->schema()
$obj->version()

Returns the version number.

Simplifications

$obj->wsseBasicAuth(USERNAME, PASSWORD, [PWTYPE])

Many SOAP applications require a username/password authentication, like HTTP's basic authentication. See examples/usertoken/manually.pl for an example how to construct this by hand for any possible requirement. This method, however, offers a simplification for the usual case. See a working example in examples/usertoken/with_help.pl

The optional PWTYPE parameter contains either the UTP11_PTEXT or UTP11_PDIGEST constant. The PTEXT is the plain-text version of the password. When PDIGEST is used, the password will get encrypted for you.

example: how to use wsseBasicAuth

my $call     = $wsdl->compileClient($operation);
my $security = $wss->wsseBasicAuth($username, $password);

my ($answer, $trace) = $call->
  ( wsse_Security => $security
  , %payload
  );

use XML::Compiles::WSS::Util ':utp11';
my $sec = $wss->wsseBasicAuth($user, $password, UTP11_PTEXT);
my $sec = $wss->wsseBasicAuth($user, $password, UTP11_PDIGEST);

Internals

$obj->loadSchemas(SCHEMA)

SCHEMA must extend XML::Compile::Cache.

The SCHEMA settings will may changed a little. For one, the allow_undeclared flag will be set. Also, any_element will be set to 'ATTEMPT' and mixed_elements to 'STRUCTURAL'.

SEE ALSO

XML Signature Syntax and Processing (Second Edition)

http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/, 10 June 2008

XML Encryption Syntax and Processing

http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/, 10 December 2002

XML Security Generic Hybrid Ciphers

http://www.w3.org/TR/2011/CR-xmlsec-generic-hybrid-20110303/, 3 March 2011

XML Signature Properties

http://www.w3.org/TR/2011/CR-xmldsig-properties-20110303/, 3 March 2011

XML Signature Syntax and Processing Version 1.1

http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/, 3 March 2011

RFC4050 Using the ECDSA for XML Digital Signatures

http://www.ietf.org/rfc/rfc4050.txt, april 2005

RFC4051 Additional XML Security Uniform Resource Identifiers (URIs)

http://www.ietf.org/rfc/rfc4051.txt, april 2005

SEE ALSO

This module is part of XML-Compile-WSS distribution version 0.13, built on January 25, 2012. Website: http://perl.overmeer.net/xml-compile/

Other distributions in this suite: XML::Compile, XML::Compile::SOAP, XML::Compile::SOAP12, XML::Compile::SOAP::Daemon, XML::Compile::SOAP::WSA, XML::Compile::C14N, XML::Compile::WSS, XML::Compile::Tester, XML::Compile::Cache, XML::Compile::Dumper, XML::Compile::RPC, XML::Rewrite, XML::eXistDB, and XML::LibXML::Simple.

Please post questions or ideas to the mailinglist at http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/xml-compile For live contact with other developers, visit the #xml-compile channel on irc.perl.org.

LICENSE

Copyrights 2011-2012 by Mark Overmeer. For other contributors see ChangeLog.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See http://www.perl.com/perl/misc/Artistic.html