Last month I released some prototype code for working with XMLSEC and XMLDSig in PHP and also mentioned that I would not be actively maintaining it. A few weeks ago I was asked by Pat Patterson, one of the Federation Architects at SUN, about incorporating the library for use in a PHP based SAML 2.0 service provider within the OpenSSO project. The code will probably receive more attention there than I currently have time to provide, so you might want to check out what they are doing within their repository (note: the code located there is subject to the Common Development and Distribution License). They are also looking for help from any PHP developers who might be interested in working on the project.
So what does this mean to people who are already using the code or who do not want to worry about any potential licensing issues?
The xmlseclibs code located on my site (including any changes I might make to it) is currently, and will remain, in the Public Domain. Basically, if you get the code from here you do not need to worry about any licensing legal mumbo jumbo (there is none). You will, however, be on your own for any bugs or problems you might encounter when using the code from here.
So what's in the future for working with Encryption and Digital Signatures in PHP?
We, Alexandre Kalendarev and myself, are close to being ready to add our xmlsec implementation to PECL, but are still working through some issues - especially in the Digital Signature area. Currently it can process almost the same files as when I use the xmlseclibs library, but is still lacking when trying to create signatures with multiple references.
For those who might want to try it out in its current state, you can download the Pre-Alpha code, which includes some examples. Also, Alexandre has some documentation in Russian available, for those of you who can read it. It has taken us a while to get the code to this state, so hopefully we will be able to have an alpha release in the near future.