News

At TechEd: Microsoft rolls out WS enhancements

• By John K. Waters
• May 24, 2004

Microsoft is set to release the 2.0 version of its Web Services Enhancements for .NET (WSE or, as the Microsofties pronounce it, ''wizzy'') at the company's TechEd 2004 conference in San Diego, which runs May 23-28.

Basically, WSE is an add-on to the Visual Studio .NET dev tool and the .NET Framework. It is designed to allow developers to write and implement advanced Web services specifications, such as WS-Security, WS-Routing and WS-Attachments, by adding a few lines of code to their Web services applications.

New features in Version 2.0 include a policy framework, enhanced security model, message-based programming model and support for multiple hosting environments.

Security is a big part of the new version. The 1.0 version, which the company released in December 2002, supported encryption with x.509 certificates and username/password credentials. Version 2.0 adds support for Kerberos, the cross-platform authentication and single sign-on system. WSE 2.0 enables what Rebecca Dias, product manager for Web services at Microsoft, calls end-to-end security.

''When people talk about secure Web services, you hear the term 'business-to-business' a lot,'' Dias told Programmers Report . ''But it's not about B2B. It's about trust-domain-to-trust-domain, and those could very well be within the boundaries of your organization. Think about health care: Patient records move around from organization to organization within a hospital. Certain parts of that information need to be made available to, say, a nurse, other parts to a doctor and other parts to the person booking the appointments. Web services security is the only technology that exists in the marketplace that is going to allow you to sign and encrypt different parts of that message payload to be consumed by different end points within the system, whether those consumers are human beings or other systems.''

WSE's enhanced security model provides a policy-driven foundation for securing Web services across trust domains, Dias explained. It allows for the establishment of a Trust-issuing service for retrieving and validating security tokens. It also allows a secure conversation to be established so that authentication and authorization of calls within a session can happen more quickly than in more complex cryptographic operations.

From a tooling perspective, said Ari Bixhorn, product manager for Microsoft platform strategy, WSE 2.0 is designed to simplify the developer's life.

''After we released WSE 1.0, we heard loud and clear from the VB community that they wanted to get up and running quickly in WSE,'' Bixhorn said. ''We've introduced samples in VB.NET in WSE 2.0. It's a small thing, but for our bread-and-butter developers out there, it's going to be big. We've got more than 20 quickstarts in WSE 2.0, and they're in C# and VB, so it's a good source for the VB folks as well.''

Providing Web services security is going to be simple for Microsoft developers with the WSE add-on, Bixhorn said.

''As an add-on to Visual Studio .NET, [WSE 2.0] provides security settings wizards that walk developers through the process of defining policy,'' Bixhorn explained. ''The policy file is an XML-based file that's very easy to deploy as part of the Web service, but as a VB or C# developer, you don't need to worry about creating all of that XML yourself. It's created automatically by the tool.''

Bixhorn calls WSE 2.0 a ''speedboat'' release because, along with additional security features, this version enables developers to keep up with the latest Web services specs.

Microsoft also sees WSE 2.0 as a means of getting developers on the path to Service-Oriented Architectures (SOAs) and Indigo, the firm's Dias said. Indigo is the communications subsystem in Microsoft's upcoming Longhorn operating system. Microsoft calls it a ''new breed of communications infrastructure built around the Web services architecture.''

''In a broader sense, Indigo is service orientation at its finest,' 'said Dias. ''Basically, it is a single messaging stack for doing things like transactions, security and message queuing. Indigo is going to radically simplify and unify all of that into one messaging stack. One of the things we are doing with [WSE 2.0] is helping our customers to refine the Web services part of the overall service-oriented world that we'll have in the Indigo timeframe.''

Dias encourages developers who are thinking about SOAs to ''get on the WSE bandwagon.

''If you're thinking about service orientation,'' she added, ''and you want to start looking at the architecture of your system, and you want to start thinking about what the design of the system in the Indigo timeframe is going to look like, think about WSE,'' Dias said. ''It's a great vehicle for providing us with feedback for core platform technology that's going to live 10 years or so out.''

''And you can do it using the tools you already know and love,'' added Bixhorn.