Microsoft Improves Security in Web Services Enhancements 3.0

 
 
By Darryl K. Taft  |  Posted 2005-11-07
 
 
 
Microsoft Corp. is expected to release a new version of its Web Services Enhancements technology that simplifies the development of secure Web services.

Ari Bixhorn, lead product manager for Web services strategy in the developer and platform division at Microsoft, said new WSE 3.0 features fall into three categories: simplified development of secure Web services, integration with Visual Studio 2005 and preparing developers for building applications on Windows Communication Foundation (WCF), code-named Indigo.

"WSE 3.0 brings three core strengths to the market: its support of VS 2005 and .Net 2.0, improved security support and capabilities, and consistency with WCF," said Jason Bloomberg, an analyst with ZapThink LLC, of Waltham, Mass., who has been briefed on the technology. "Developers will benefit by the greater consistency across WSE and Visual Studio. For developers looking to work with WCF, they will also see consistency in programming model and API from WSE to WCF."

Did Microsoft wait too long—or not long enough—to ship Visual Studio 2005? Click here to read Mary Jo Foleys view.

In addition, WSE 3.0 gives developers support for the latest Web services (WS-*) protocols, including support for the recently ratified MTOM (Message Transmission Optimization Mechanism) recommended by the World Wide Web Consortium. MTOM supersedes WS-Attachments, and because it composes with WS-Security both the body and any attachments sent along with a message using MTOM are encrypted, Bixhorn said. WSE 3.0 also optimizes attachments to reduce the message size using encoding. And the latest Web services specifications supported by the upgrade include WS-SecureConversation and WS-Trust, Bixhorn said.

"Perhaps the greatest strength of WSE 3.0 is its improved security capabilities," Bloomberg said. "WSE 3.0 simplifies security scenarios [including heterogeneous ones] through turnkey profiles, which will help to bring the use of WS-Security and other WS-* specs to a much broader developer base. Where WSE 1.0 was a bleeding-edge tool set, WSE 3.0 is much more mainstream—although you can still work with bleeding-edge standards like WS-Trust and WS-SecureConversation with it."

The latest version of WSE integrates seamlessly with Visual Studio 2005 and the .Net Framework 2.0, enabling more than 6 million Visual Basic and C# developers to leverage the skills and knowledge they already have to build secure Web services.

WSE 3.0 features a performance improvement of more than 30 percent over WSE 2.0, Bixhorn said. The new version also includes 64-bit support.

In addition, WSE 3.0 is hosting model independent, and WSE 3.0 Web services can either be hosted within Microsoft Internet Information Services (IIS) or outside IIS—for example, inside of Windows Services, Bixhorn said. And WSE 3.0 features transport independence, such that WSE 3.0 Web services communicate via HTTP, TCP or other custom transports, Bixhorn said. In fact, samples included within WSE 3.0 illustrate how to build custom UDP (User Datagram Protocol) and SMTP (Simple Mail Transfer Protocol).

"Were also getting on the path to WCF-based Web services," Bixhorn said. "WSE is interoperable on the wire with WCF. We have over 200 interoperability tests, and WSE 3.0 had to pass them all."

Microsoft issued a beta of WSE #.0 in July. New capabilities since then include the wire interoperability with WCF, as well as with IBMs WebSphere and BEA Systems Inc.s WebLogic application servers, Bixhorn said. Another new feature is a new diagnostic logging tool with debugging support. And WSE 3.0 also now features ClickOnce support to simplify deployment of WSE applications with Visual Studio 2005—a feature not in the July beta, Bixhorn said.

Check out eWEEK.coms for the latest news, reviews and analysis in Web services.

Rocket Fuel