WSE 2.0: Get Your .NET Web Services Security Up to Spec

n October 2003, Microsoft announced the technical preview of its Web Services Enhancements for .NET (WSE) 2.0 toolkit. This release implements some of the new Web Services Architecture (WSA) specifications that Microsoft, IBM, and BEA have been working on together, and it improves existing specifications such as WS-Security. This article examines the WS-Security improvements and shows how you can upgrade your Web services to WSE 2.0.

The following is a list of WSE 2.0's new or improved security features, which provide new infrastructure services for designing and implementing Web servicesWSE 2.0:

• Authentication of a Web service call against the Windows security
• Role-based security through the use of security tokens (based on the Windows security)
• Signing and encryption of user-defined SOAP headers
• Support for Keberos security tokens
• WS-Trust
• WS-SecureConversation
• A policy framework based on WS-Policy
• SOAP messaging over transport channels like TCP
• Support for the development of user-defined transport channels