Re: Authentication: Practical example

Michael Rasmussen wrote:
On Tue, 13 Jun 2006 06:03:47 -0400, Rob Richards wrote:

Yes, you can still add headers.

Found Zeev's blog from last year:
http://www.suraski.net/blog/index.php?/archives/5-PHP-5s-SOAP-extension-and-SalesForce.html
It is now implemented :-)

It is not documented on php.net?

Was probably just missed.


Yea, this has been a problem working with the WS-* stuff. Much of it
hasn't been able to be described in a WSDL, so for WS-Security, the
client has needed to know ahead of time that the server uses and/or
requires it. Now, enter WSDL 2.0 and WS-Policy and it becomes possible
to describe these in the WSDL, although I have yet to run into a service
that deploys these. WSDL 2.0 was just changed to a recommendation at the
end of March.

In my experience WSDL 2.0 will not be part of any development tools for a
considerable time in which case deployment of services using WSDL 2.0 will
be next to nothing.

I vote for backporting it in some way to ext/soap.

I personally think this is a low priority. Without it being used or even available on a number of platforms/languages there are surely other things a bit more pressing.


From axis-wsse:
first objective:

Implements the <UsernameToken> spec (Web Service security UsernameToken
Profile - working draft 4, 11 August 2003)

    *  without password
    *  clear password
    *  password digest
    *  password+nonce+timestamp digest

Would that not be a nice goal?

Personally speaking it's not even close enough for what I need and why I have been diving into the rest of wsse.


I will be writing it up on my blog (www.cdatazone.org) in the near
future. It is a bit complex and will be broken into several parts since
in order to leverage WS-Security, you first need to understand how to
use XMLENC and XMLDSIG. Then it's possible to move on to WS-Security.
Right now everything needs to be performed manually so there are few to
no shortcuts that can be used.

Why? I don't see this in the axis project. I admit my knowledge in wsse is
not extensive.

UsernameToken is just one small piece of wsse.
xmldsig provides integrity, message authentication and/or signer authentication.
xmlenc provides encryption for specific portions of a message.

Take this scenario where an interaction with a Soap service is used to interface with a building automation system remotely. xmldsig is used to make sure that the instruction set has not been altered/tampered with and that the instructions are from who they claim to be (these must be auditable). Now the instructions are not to be accessible to anyone except the system where the automation system is located. Of course this would not be located directly on the net, so the message would normally be passed through a company's LAN. xmlenc is used to protect the sensitive portions of the message as it is impossible to guess the layout, security, etc. used by different companies.


Basically right now to accomplish this, the request is intercepted within the __doRequest() method prior to being sent. Then, using a combination of DOM (note that canonicalization methods have been added for 5.2), openssl, hash, and a couple of extra functions like base64_encode, build out the headers, which includes performing the necessary encrypting and signing.

Rob

--
PHP Soap Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
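As an added illustration (not code from the thread or from ext/soap) of the two points above, the UsernameToken "password+nonce+timestamp digest" variant listed from axis-wsse and Rob's approach of intercepting the outgoing message in __doRequest() and building the header with DOM, hash and base64_encode: the class below subclasses SoapClient, parses the serialized request, and injects a wsse:Security header carrying a UsernameToken with a PasswordDigest. The digest formula Base64(SHA-1(nonce + created + password)) is the one defined by the UsernameToken Profile 1.0; the class name, the WSDL URL, the username and the password are placeholders, and the code assumes PHP 7.1 or later with ext/soap and ext/dom.

```php
<?php
// Added example, not part of the original mailing-list thread.
// Injects a wsse:UsernameToken with PasswordDigest into every outgoing
// SOAP request by overriding SoapClient::__doRequest().

class WsseUsernameTokenClient extends SoapClient
{
    const WSSE_NS = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';
    const WSU_NS  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd';
    const PASSWORD_DIGEST_TYPE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest';
    const NONCE_ENCODING = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary';

    private $wsseUser;
    private $wssePass;

    public function __construct($wsdl, $user, $pass, array $options = array())
    {
        parent::__construct($wsdl, $options);
        $this->wsseUser = $user;
        $this->wssePass = $pass;
    }

    // Password_Digest = Base64(SHA-1(nonce + created + password)).
    // The nonce goes into the hash as raw bytes; it is base64-encoded only
    // when written into the <wsse:Nonce> element.
    public static function passwordDigest($nonce, $created, $password)
    {
        return base64_encode(sha1($nonce . $created . $password, true));
    }

    // Small helper: create a namespaced element with an escaped text child
    // (createElementNS's value argument is not entity-escaped).
    private static function textElement(DOMDocument $dom, $ns, $qname, $text)
    {
        $el = $dom->createElementNS($ns, $qname);
        $el->appendChild($dom->createTextNode($text));
        return $el;
    }

    public function __doRequest($request, $location, $action, $version, $one_way = 0): ?string
    {
        $dom = new DOMDocument();
        $dom->loadXML($request);
        $envelope = $dom->documentElement;
        $soapNs   = $envelope->namespaceURI;
        $prefix   = $envelope->prefix;

        // Reuse the Header ext/soap already emitted, or create one before the Body.
        $headers = $dom->getElementsByTagNameNS($soapNs, 'Header');
        if ($headers->length > 0) {
            $header = $headers->item(0);
        } else {
            $header = $dom->createElementNS($soapNs, $prefix . ':Header');
            $envelope->insertBefore($header, $envelope->firstChild);
        }

        $nonce   = random_bytes(16);              // fresh per request
        $created = gmdate('Y-m-d\TH:i:s\Z');      // UTC timestamp, as wsu:Created expects

        $security = $dom->createElementNS(self::WSSE_NS, 'wsse:Security');
        $security->setAttributeNS($soapNs, $prefix . ':mustUnderstand', '1');

        $token = $dom->createElementNS(self::WSSE_NS, 'wsse:UsernameToken');
        $token->appendChild(self::textElement($dom, self::WSSE_NS, 'wsse:Username', $this->wsseUser));

        $password = self::textElement($dom, self::WSSE_NS, 'wsse:Password',
            self::passwordDigest($nonce, $created, $this->wssePass));
        $password->setAttribute('Type', self::PASSWORD_DIGEST_TYPE);
        $token->appendChild($password);

        $nonceEl = self::textElement($dom, self::WSSE_NS, 'wsse:Nonce', base64_encode($nonce));
        $nonceEl->setAttribute('EncodingType', self::NONCE_ENCODING);
        $token->appendChild($nonceEl);

        $token->appendChild(self::textElement($dom, self::WSU_NS, 'wsu:Created', $created));
        $security->appendChild($token);
        $header->appendChild($security);

        // Hand the modified envelope to ext/soap for transport.
        return parent::__doRequest($dom->saveXML(), $location, $action, $version, $one_way);
    }
}

// Usage with placeholder values (the WSDL, user and password are not real):
// $client = new WsseUsernameTokenClient('https://example.invalid/service?wsdl', 'alice', 'secret');
// $client->someOperation(array('arg' => 'value'));
```

Two things a practitioner should keep in mind: the digest only proves knowledge of the password, so the receiving side has to reject stale wsu:Created values and previously seen nonces or the header can simply be replayed, and the token protects nothing else in the message, which is exactly why the integrity and confidentiality of the body still come down to xmldsig and xmlenc as described above.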

