Many thanks to Keith and his XML messaging cohort for WSE v2.0 TP.
 Gettin' bizzy with whizzy. For shizzle.
(MTV has polluted my innocent Canadian brain.)
The rush to hit WSE v2.0 TP is unbelievable from this end. Needless to say, when the bits were posted to Microsoft Downloads yesterday, most of us acted like secret service agents around a high-profile dignitary. "Swarm! Swarm!"
It's been less than 24 hours and I have already had the pleasure of watching policy assertions in action. Support for WS-Policy is the #1 key feature of WSE v2.0 TP. The policy framework looks to be pretty rock solid and should eliminate a great deal of supporting/utility code in [Web] methods. Of course, wrapping your head around this policy framework can be a daunting task. I expect to see a few articles on this topic very soon. ;-)
 "It's a few milestones to release, we got a full repository of code, two dozen developers, it's new and we're using WSE v2.0 TP. Hit it."
On a personal note, it will be very interesting to see how people will extend the default assertion set and processing classes (Microsoft.Web.Services.Policy.PolicyAssertion) supported in WSE v2.0 TP.
Other highlights in WSE v2.0 TP:
- An extensible protocol framework
Second key feature of WSE v2.0 TP. As Ingo alluded to a while back, WSE v2.0 TP breaks away from its predecessor's implied binding (HTTP) by providing an extensible protocol framework. This frees us to explore any number of deployment scenarios, including TCP, which is supported by default.
- WS-Trust and security context tokens
Context establishment is a big issue for shops wanting to conduct a dialog without paying the penalty of authentication for each message.
Support for Kerberos v5 tickets and realms should greatly increase uptake amongst vendors.
Although most WS-Security-related specifications through OASIS emphasize the importance of thwarting replay attacks by inspection, very few of the WSE v1.0 implementations that I've seen do so. WSE v2.0 TP helps address this issue through Microsoft.Web.Services.Security.WSEReplayCache, a class that uses an in-memory LSU hashtable to verify that inbound messages have not been previously received by the endpoint. WSE v2.0 TP also provides a framework for thwarting replay attacks so that developers can validate at a more granular level (e.g. nonce). I strongly suspect that certain shops will want to validate against a backend data store (e.g. SQL Server).
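To make the nonce-level check concrete, here is an added sketch of a bounded in-memory replay cache; it is not WSE's WSEReplayCache or any code from the toolkit. The class name, the method signature, the five-minute freshness window and the sample nonces are all assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical replay cache (not a WSE type): nonce -> time the entry may be dropped.
public sealed class ReplayCache
{
    private readonly Dictionary<string, DateTime> _seen = new Dictionary<string, DateTime>();
    private readonly object _gate = new object();
    private readonly TimeSpan _window;   // how old or how far ahead a message may be
    private readonly int _capacity;      // hard bound on memory use

    public ReplayCache(TimeSpan window, int capacity) { _window = window; _capacity = capacity; }

    // True only the first time a fresh (nonce, created) pair is presented.
    public bool TryAccept(string nonce, DateTime createdUtc, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(nonce)) return false;
        // Freshness check: once a message falls outside the window its nonce may
        // already have been purged, so it must be rejected on age alone.
        if (createdUtc < nowUtc - _window || createdUtc > nowUtc + _window) return false;
        lock (_gate)
        {
            Purge(nowUtc);
            if (_seen.ContainsKey(nonce)) return false;   // replayed message
            // Fail closed when full: evicting a live nonce would reopen the replay window.
            if (_seen.Count >= _capacity) return false;
            // Keep the entry for as long as the message would still pass the freshness check.
            _seen[nonce] = createdUtc + _window;
            return true;
        }
    }

    private void Purge(DateTime nowUtc)
    {
        var expired = new List<string>();
        foreach (var kv in _seen) if (kv.Value < nowUtc) expired.Add(kv.Key);
        foreach (var key in expired) _seen.Remove(key);
    }
}

public static class Demo
{
    public static void Main()
    {
        var cache = new ReplayCache(TimeSpan.FromMinutes(5), 10000);
        var sent = new DateTime(2003, 7, 1, 12, 0, 0, DateTimeKind.Utc);    // constructed sample time
        Console.WriteLine(cache.TryAccept("n-001", sent, sent));               // first delivery
        Console.WriteLine(cache.TryAccept("n-001", sent, sent.AddMinutes(1))); // same nonce, inside the window
        Console.WriteLine(cache.TryAccept("n-001", sent, sent.AddMinutes(6))); // same nonce, after the window
    }
}
```

Validating against a backend data store would swap the dictionary for a table with a unique constraint on the nonce, so that the insert itself is the atomic "seen before?" test across every node behind the endpoint.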
WSE is one of the most exciting toolkits for plumbers in recent memory. Judging by the WSE newsgroup, it looks like people are already having fun with the bits.
11:08:57 AM