Overview of WSE 3.0

I haven't been writing much lately... And I just can't find a decent excuse... I was just plain lazy last couple of days... But I am back and I do intend to continue with what I was doing...

 

This one is going to be a boring one... Just doing an overview of WSE 3.0... Just for the record thing... Non Microsoft Developers... guess you guys are getting not finding it very interesting lately...

 

There are 3 components to WSE. The security, Tracing and custom transformation.

In WSE 2.0, the input pipeline and the output pipeline were separate and the security, tracing and custom transformation was required to be implemented manually and separately.

 

Microsoft Identified 6 common scenarios in the Industry for WSE 2.0. These were called turnkey security scenarios

 

In WSE 3.0 Microsoft gave these 6 turnkey scenarios that you could choose from if you didn't want to customize everything.

 

As for example there is a scenario called Username for certificate: The client logs in using some kind of authentication mechanism like active directory. On successful authentication, the client is provided with a public key certificate. The Client then generates a private key and encrypts the key using the public certificate. The server decrypts and extracts the key; works on the request encrypts the response using the extracted security key generated by the client and sends it back. Client already has the generated key and uses it to decrypt the response.

 

This whole process is abstracted away. All you have to do it apply a policy file to the server, and apply a policy file to the client so that the client knows how to obtain the public key.

 

Interoperability with WCF: it provides seamless interop with the Windows Communication Foundation (Indigo) almost one year in advance before the actual release of WCF. This also means that the Web services that you have secured using WSE 2.0 and the WSE 3.0 can talk seamlessly to the WCF endpoint that you are going to create in the future.

 

We all know that the Web services model is basically components like the XML and XSD which are schema languages that can be used for web services, http as a transport protocol, and WSDL for discoverability. This is the general unsecured model of Web Services. WSE 3.0 adds security to the Web services using specifications like WS Security, WS Trust and WS Secure Conversation. WSE 3.0 isn't just about security. It does more than that. It also adds transport protocols like TCP and even custom protocols support. So you can use custom protocols like UDP and SMTP also. And not only that these protocols are easy to use.

 

Then comes the WCF. The Windows communication foundation adds new pillars to the Web Services stack model. It adds reliable messaging. It adds transaction support. The whole model basically assists you to build connected systems.

 

 

 

Additional resources

Home page for WSE on MSDN

No Comments