Various folks in what is becoming known as the “scripter” community, i.e. people who code in Perl/PHP/Python/Ruby scripting languages, have complained that SAML is “too hard” to implement, for essentially two reasons..

• Having to parse XML.
• Having to use XMLdsig — XML Digital Signature specification.

The first excuse is becoming more and more moot as tools and techniques proliferate and experience grows.

The second is, it appears, becoming more mitigated with the appearance of various packages that implement XMLdsig for the scripting world. Here’s pointers to a couple…

Rob Richard’s XMLseclibs for PHP
http://www.cdatazone.org/index.php?/archives
/13-SUNs-OpenSSO-project-is-new-home-to-xmlseclibs-code.html

XMLsig for Dynamic Languages (Ruby, Python, PHP and Perl)
http://xmlsig.sourceforge.net/

Now, I hear that some in the scripter community perhaps won’t like the XMLsig package because it is scripting languages wrapped around C wrapped around the xmlsec library (http://www.aleksey.com/xmlsec/), rather than a “native” scripting-language implementation, which is what Rob Richard’s apparently is. Well, time will tell, and in any case, it is good to see this base beginning to get covered.

[later addition; 27-Dec-2006]

John Kemp points out that he wrote up a brief HowTo paper on writing essentially a library similar to XMLsig-for-Dynamic-Langs, for PHP, back in April 2006. Since Aleksey Sanin has already done the work of implementing XMLdsig, it seems to me to make sense to take advantage of it. Here’s JohnK’s material…

PHP XML Signatures
http://appliedlife.blogspot.com/2006/04/php-xml-signatures.html

XML Signatures in PHP
http://web.mac.com/john.kemp/php-xml-sig.html