grantm has asked for the wisdom of the Perl Monks concerning the following question:

I find myself in the uncomfortable position of having to communicate with an identity server using WS-Trust - a system for exchanging trusted security tokens built with SOAP + XML Digital Signatures.

No obvious WS-Trust framework/implementation leapt out at me from CPAN. When I search with Google for ws-trust +perl, Google suggests I retry my search without "perl" :-(

Anyone have any pointers to an existing Perl implementation?

Replies are listed 'Best First'.
Re: Anyone doing WS-Trust with Perl?
by daxim (Curate) on Nov 28, 2013 at 09:43 UTC
    Sorry, no immediate help from me. I use this opportunity for a rant. My excuse is that I have no blog (G+ doesn't count).

    I have observed that since Perl modules are overwhelmingly grass-roots and initially almost always single-person efforts, this becomes a good Litmus test for a standard. (A standard is a IETF draft/RFC, W3C recommendation and the like, or Shub-Internet forbid, an ISO spec or worse. You know what I mean.) Can it be reasonably implemented by a single hacker in the spare time before 'e gives up, eyes bleeding from the tech jargon and brain trying to escape through the ears to make the dullness stop? Or do you need to throw money at the problem, assign a swat team of 9-5 professionals to crack the mother open methodically, and eventually? (Hi, Java.)

    XML, for instance, falls firmly in the former camp. It's nice and small (really, look just how short the spec is), and as a proof of concept you can even hack your parser with just 200 SLOC bouncing off the regex matcher. (This is where the famous "desperate Perl hacker" meme comes from that was even expressed as a OSCON sticky badge.)

    WS-anything, does not, precisely because the standards are huge and unwieldy and messy and IMO barely comprehensibly, trying to solve problems that became rapidly irrelevant (for instance, the whole SAML bullshit can be completely replaced with TLS). With the exception of LWP::Authen::Wsse, I haven't seen adoption in the Perl world. This is the same reason why our SOAP implementations lagged behind, and feature-full implementations only appeared when the heyday of RPC was already over.

    tl;dr OASIS is where standards go that are not viable in real life.

    Update: telling grantm about XML → facepalm of the day! ~:-| I'm gonna fetch a coffee.

      Don't worry - I too could rant all day about the evils of XML and vastly over-complicated interop 'standards'.

      I've still got to do this thing though :-)

Re: Anyone doing WS-Trust with Perl?
by Khen1950fx (Canon) on Nov 28, 2013 at 16:04 UTC
    Take a look at WSO2::WSF. It uses Apache's Axis2 which uses Apache Rampart which uses WS-Trust. You'll probably need to checkout Axis2/C from Subversion.
      Those are useful links - thanks.