Over the last while I've been lucky enough to have some conversations with a php web services guru from the northeast called Rob Richards. He asked some very good questions about self-issued identities, which I wrote up and will be posting, and also answered a number of my questions about PHP.
Besides being prolific and modest he kind of won my heart through a posting called I asked for a beer, The photo at right shows what he got instead – city people, that is a bear, not a dog – and the story reminds me of all kinds of personal episodes too crazy for me to even think about at this stage.
But that's not the point. He's been quietly doing amazing work that again shows how close we are to getting ubiquity with progressively more robust identity technology.
Here is a posting that refers to slides from some talks he did at PHP|2006 in Montreal.
The first was called Advanced XML and Web Services (with accompanying code), while the second was a good overview of XML Security that is so up to date it even covers Information Cards in excellent detail.
But wait, folks. That's not all. There's also the code base. And the fact that he has InfoCard-enabled his Serendipity blog.
For the XML Security session, what people are probably most interested is the code used to implement WS-Security and possibly Infocards using PHP.
Security Library – Base XML Security library implementing XMLENC and XMLDSig functionality.
WS-Security library – WS-Security library for use with SOAP. Currently only implements client functionality and is missing the ability to encrypt SOAP data.
Example Usage of WS-Security – An example of interacting with the Amazon Elastic Compute Cloud (Amazon EC2) SOAP Service. Easily re-factored for use with other services requiring WS-Security.
Infocard Library – Base library for processing infocards.
Infocard demonstration – Demonstration of processing a submitted Infocard. The result is a SAML token along with a function to view submitted assertions. The form has NOT been updated to work with the recent namespace change, so modify the requiredClaims for use with IE7 RC1, Vista RC1 or .NET 3.0 RC1.These libraries and examples contain unmaintained, yet useable code. They were developed only for testing while designing an API for C based code and most likely any extensions developed to perform the functionality will differ from the code provided here. There are many optimizations that can be made to provide better performance, so feel free to make any modifications you like. I may provide updates in the way of bug fixes if needed and might extend them a bit more if so inspired (such as adding encryption to the soap client or possibly handling of ws-security on the server side), but if anyone wants to take the code and run with it, please let me know as I would gladly provide help (time permitting).