Microsoft Releases Technology for Developing Secure Web Services
- By John K. Waters
Microsoft has released the latest version of its Web Services Enhancements
technology. WSE 3.0 is an add-on to the company's newly launched Visual Studio
2005 and the .NET Framework 2.0. It allows developers to write and implement
Web Services Interoperability Organization's WS* protocols (WS-Security, WS-Routing,
WS-Attachments etc.) by adding a few lines of code to their apps.
''As we've seen the WS* specs become pervasive as a heterogeneous integration
technology, we wanted to build out a set of tools that would allow developers
to get early and frequent access to the latest versions of those specifications,''
says Ari Bixhorn, director Web services strategy at Microsoft.
Microsoft calls WSE ''a natural stepping stone'' to building Web services using
the Windows Communication Foundation. WCF (formerly code-named Indigo) is the
service-oriented messaging system for Microsoft's upcoming Vista OS. It's designed
to unify and extend distributed technology stacks to deliver a consistent, composable
experience for building connected systems.
Microsoft launched WSE 1.0 in 2002, targeting bleeding-edge early adopters.
With WSE 2.0, launched in 2004, the technology went mainstream, with more standard
support. Since that launch, Microsoft has distributed more than 700 thousand
copies, Bixhorn says.
''Having so many WSE 2.0 adopters over the past year provided us with a lot
of great feedback during the development cycle,'' Bixhorn tells ProgrammingTrends.
This release's two primary design goals—making it easier to build secure
Web services and getting developers on the path to developing WCF-based apps—were
based on that user feedback, Bixhorn says.
WSE 3.0 also supports the recently ratified Message Transmission Optimization
Mechanism recommendation from the W3C. MTOM is an attachment technology for
Web services. It allows developers to send attachments with their Web service
payloads in a secure fashion. ''This is something that we couldn't do before
with WS-attachments,'' Bixhorn explains. ''Now, if I have a document or a media
file or any type of binary information that I want to send along with a Web
services message, I can encrypt that very easily.'' Also, MTOM shrinks the size
of the message, providing better performance on the wire, he says.
The new features with WSE 3.0 include:
- A set of turnkey Web services security profiles designed to allow developers
to build five of the most common Web services security scenarios with a few
- Hosting model independence, which enables WSE 3.0 Web services to be hosted
within or outside IIS (inside Windows Services, for example)
- Transport independence, which makes it possible for WSE 3.0 Web services
to communicate via HTTP, TCP or other custom transports
- A simplified programming model for securely attaching documents, media
files and other binary data to Web services payloads.
- Wire-level interoperability with WCF through support for updated and new
Web services specifications, including the latest versions of WS-SecureConversation
and WS-Trust, recently submitted to the OASIS standards organization
WSE 3.0 is available as a free download from the Microsoft Developer Network,
for members and non-members, here.
John K. Waters is a freelance writer based in Silicon Valley. He can be reached