Interested in more in-depth details about the implementation of the WS-I Basic security profile application? 

Go read the blog of Hernan de Lahitte who was member of the dev team. I a series of posts he will share his experiences in building this sample and talk about the issues that came up.

Currently Microsoft is working on a sample application that is compliant with the WS-I Basic Security Profile (BSP). This sample application shows you how to build secure web services using WSE. Besides this, the sample also demonstrates interoperability issues and gives some guidance on how to design services that can evolve technology changes by separating the business logic from the transport.

The sample is a “preview release” because the BSP specs don’t have the final status yet. The preview is built using Visual Studio 2003 and WSE 2.0. The final release (which will be available after the BSP specs are final) will be implemented with Visual Studio 2005 and WSE 3.0.

I was one of the lucky ones (J) participating in the reviewing team. So, I had the change to look at the code in an early stage and provide some feedback. I think that this sample is definitely worthwhile spending some time on for anyone interested in web service security and interoperability.

 The sample application will be available somewhere in the coming weeks. Today there is already a webcast available from the Patterns and Practises live site (direct link WS-I BSP webcast) for download. Go check it out!

It’s been some time since I have written anything on this blog. I have been busy in the start up phase for some projects. For one of the projects I will be assigned to in the near future, interoperability and web service security will be a big issue. To refresh my memory I decided to go through the Basic Profile 1.0 (BP) specification once again. This profile provides implementation guidelines that help you build web services with maximum interoperability. The web services interoperability organization (WS-I) provides sample implementations (build by different vendors) that demonstrate web service interoperability across the different platforms.

Currently the WS-I is working on the Basic Security Profile (BSP), which covers building interoperable secure web services. The BSP covers guidance for both transport level security and (soap) message level security. Personally I am more interested in the message level security issues. To understand the BSP better I am also spending some time again on the WS-Security specs which describe in detail how to secure web services on the message level. Of course when thinking of web services and security in a Microsoft world we cannot forget WSE, so that is also on my ToDo list again.

At first, reading through these WS-* specs and profiles doesn’t seem very interesting but having a detailed look at the implementation that is available (WSE and BP 1.0 sample application) makes life a little more interesting. After having spent some time on it I even start to like it. So, maybe I’ll be back with more info about web service security soon. (I promise I’ll try to make this blog not more boring than it already is).