Microsoft Releases Technology for Developing Secure Web Services

Microsoft has released the latest version of its Web Services Enhancements technology. WSE 3.0 is an add-on to the company's newly launched Visual Studio 2005 and the .NET Framework 2.0. It allows developers to write and implement Web Services Interoperability Organization's WS* protocols (WS-Security, WS-Routing, WS-Attachments etc.) by adding a few lines of code to their apps.

''As we've seen the WS* specs become pervasive as a heterogeneous integration technology, we wanted to build out a set of tools that would allow developers to get early and frequent access to the latest versions of those specifications,'' says Ari Bixhorn, director Web services strategy at Microsoft.

Microsoft calls WSE ''a natural stepping stone'' to building Web services using the Windows Communication Foundation. WCF (formerly code-named Indigo) is the service-oriented messaging system for Microsoft's upcoming Vista OS. It's designed to unify and extend distributed technology stacks to deliver a consistent, composable experience for building connected systems.

Microsoft launched WSE 1.0 in 2002, targeting bleeding-edge early adopters. With WSE 2.0, launched in 2004, the technology went mainstream, with more standard support. Since that launch, Microsoft has distributed more than 700 thousand copies, Bixhorn says.

''Having so many WSE 2.0 adopters over the past year provided us with a lot of great feedback during the development cycle,'' Bixhorn tells ProgrammingTrends. This release's two primary design goals—making it easier to build secure Web services and getting developers on the path to developing WCF-based apps—were based on that user feedback, Bixhorn says.

WSE 3.0 also supports the recently ratified Message Transmission Optimization Mechanism recommendation from the W3C. MTOM is an attachment technology for Web services. It allows developers to send attachments with their Web service payloads in a secure fashion. ''This is something that we couldn't do before with WS-attachments,'' Bixhorn explains. ''Now, if I have a document or a media file or any type of binary information that I want to send along with a Web services message, I can encrypt that very easily.'' Also, MTOM shrinks the size of the message, providing better performance on the wire, he says.

The new features with WSE 3.0 include:

  • A set of turnkey Web services security profiles designed to allow developers to build five of the most common Web services security scenarios with a few clicks
  • Hosting model independence, which enables WSE 3.0 Web services to be hosted within or outside IIS (inside Windows Services, for example)
  • Transport independence, which makes it possible for WSE 3.0 Web services to communicate via HTTP, TCP or other custom transports
  • A simplified programming model for securely attaching documents, media files and other binary data to Web services payloads.
  • Wire-level interoperability with WCF through support for updated and new Web services specifications, including the latest versions of WS-SecureConversation and WS-Trust, recently submitted to the OASIS standards organization

WSE 3.0 is available as a free download from the Microsoft Developer Network, for members and non-members, here.

About the Author

John K. Waters is a freelance writer based in Silicon Valley. He can be reached at [email protected].