MS highlights security in Web services development pack

Microsoft Corp. on Monday officially unveiled the general release of Web Services Enhancements 1.0 (WSE) for Microsoft .Net, focusing on security and support of proposed standards.

The free product, which had been available in an unsupported technical preview format since August, is a plug-in to Microsoft's Visual Studio .Net. It is built on existing Web services standards such as XML, SOAP (simple Object Access Protocol) and WSDL (Web Services Description Language).

New in the general release is an API for log-in, session handling and audit trails, but Microsoft officials are focusing particularly on support for the proposed WS-Security standard now under consideration by OASIS (Organization for the Advancement of Structured Information Standards). WS-Security was first published by Microsoft, IBM and Verisign in April.

Through use of WS-Security, developers can build more secure Web services, Microsoft officials stressed. "It secures the actual message and payload," said Rebecca Dias, product manager for Web services marketing at Microsoft, in Redmond, Wash.

Security is maintained when messages are passed to multiple points, she said. "What we're doing is allowing you to sign that part of data that's flowing over the Internet," Dias said. Other features included as part of WS-Security support include backing for x.509 digital certificates and Kerberos, to encrypt messages.

"The number 1 priority for our early adopter Web services customers is securing the Web services messages," said Scott Garvey, director of Web services marketing for Microsoft.

An analyst said WSE provides critical support for security, but that Microsoft also is using the product as a vehicle for promoting specifications that it would like to see become industry standards.

"It's a natural progression," said analyst Dwight Davis, vice president of Summit Strategies, in Kirkland, Wash. "Microsoft's pushing out support for standards, which at this point are standards in Microsoft rhetoric, only."

Davis added, however, that support for Web services security "is really the functionality that developers are pounding on doors to get."

Microsoft also is featuring support for the Microsoft-proposed WS-Routing specification. This enables messages to be sent through intermediaries and across different transports, to leverage load balancing as well as geographic balancing, to enable a local server to process Web services.

Also featured is support for the WS-Attachments proposal now sitting before the IETF (Internet Engineering Task Force). This support together with backing of DIME (Direct Internet Message Encapsulation) enables binary files to be sent via SOAP-based transports.

Microsoft plans to use future versions of the WSE package to provide support of the latest versions of standards, according to company officials. Future versions of WSE may not be backward-compatible, however, according to Microsoft's Web page on the product.

While WSE 1.0 actually has been available since December 9, Microsoft is holding off on announcing it until Monday, when it will roll out users of the product: F5 Networks, WRQ and West Global, an Irish-based Web services management company.

WSE 1.0 is available as a download on msdn.microsoft.com.

Join the newsletter!

Error: Please check your email address.

More about F5 NetworksIBM AustraliaIETFInternet Engineering Task ForceMicrosoftOrganization for the Advancement of Structured Information StandardsSummit StrategiesVeriSign AustraliaWRQ

Show Comments

Market Place