Microsoft has announced a Technology Preview release for Microsoft Web Services Enhancements Version 2.0. WSE (Web Services Enhancements for Microsoft .NET) is "an add-on to Microsoft Visual Studio .NET and the Microsoft .NET Framework providing developers the latest advanced Web services capabilities to keep pace with the evolving Web services protocol specifications. The technology preview of WSE 2.0 provides early access to new advanced Web services capabilities. New features include a policy framework, enhanced security model, message-oriented programming model, and support for multiple hosting environments. WSE provides a foundation for building applications based on Web services specifications published by Microsoft and industry partners, including Web Services Security (WS-Security), Web Services Policy Framework (WS-Policy), Web Services Security Policy Language (WS-SecurityPolicy), Web Services Trust Language (WS-Trust) , Web Services Secure Conversation Language (WS-SecureConversation), and Web Services Addressing (WS-Addressing)."
New capabilities in WSE Version 2.0: "Token-issuing framework (WS-Trust, WS-SecureConversation) provides capabilities that build on WS-Security and define extensions to request and issue security tokens and to manage trust relationships and secure conversations. Roles-based authorization with integration into Windows security enables corporations to leverage their existing Windows domain credentials when accessing Web services or to integrate their own access control engine. Declarative programming model (WS-Policy, WS-SecurityPolicy) enables developers to author policies that operate a runtime component, responsible for processing the SOAP headers in Web services that contain security and routing information and play a role in the validation of incoming and outgoing messages. For example, the runtime can automatically sign and encrypt a message based on the authored policy without the developer having to write code. Message-based object model (WS-Addressing) provides customers with a message-based programming model over TCP and HTTP, allowing them to explore alternative types of SOAP-based applications such as ad hoc peer-to-peer applications."
About Microsoft WSE 2.0 Technology Preview
The technology preview of WSE 2.0 is unsupported and is not licensed for production use.
WSE 2.0 Technology Preview builds on the security, routing, and attachments capabilities with new features including a policy framework, enhanced security model, message-based programming model, and support for multiple hosting environments.
WSE 2.0 simplifies coding by enabling developers and administrators to apply security policies on Web services running on the Microsoft .NET Framework. Web services communication can be signed and encrypted using Kerberos tickets, X.509 certificates, username/password credentials, and other custom binary and XML based security tokens. WSE's enhanced security model provides a policy-driven foundation for securing Web services across trust domains. A Trust issuing service can be established for retrieving and validating security tokens. A secure conversation can also be established by parties so that authentication and authorization of calls within a session can happen more quickly than more complex cryptographic operations.
The new message-oriented programming model enables asynchronous communication for Web services implementations that require support for long lived operations, batch processing, peer to peer programs, or event driven application models. Web services that leverage WSE can now be hosted in multiple environments including ASP.NET, standalone executables, NT Services, etc. and can communicate over alternative transports including HTTP or TCP.
WSE provides a foundation for building applications based on Web services specifications published by Microsoft and industry partners including WS-Security, WS-Policy, WS-SecurityPolicy, WS-Trust, WS-SecureConversation and WS-Addressing. [adapted from the WSE v2.0 download page]
From the Announcement
[Microsoft has] announced the availability of the technology preview for the next version of Microsoft Web Services Enhancements (WSE), which gives Visual Studio .NET developers support for designing and building advanced Web services.
Available as a download on the MSDN Web site, WSE version 2.0 offers new security features that greatly simplify development of secure Web services which span company boundaries and trust domains, connecting and exchanging information with customer and partner systems.
WSE 2.0 provides a messaging-based object model that supports multiple transports, including TCP and HTTP, and synchronous and asynchronous communications. Synchronous communications consist of messages in which the sender must wait for a reply. In contrast, with asynchronous messages, the sender can submit a request and can retrieve it at any time without having to wait for a reply. This asynchronous capability is particularly useful for long-running operations that may take hours to complete.
WSE 2.0 builds on the security, routing and attachment capabilities of version 1.0 and adds a foundation for building applications based on Web services specifications published by Microsoft and industry partners including WS-Security, WS-Policy, WS-SecurityPolicy, WS-Trust, WS-SecureConversation and WS-Addressing.
"The new version of WSE takes Web services to the next level by expanding the experience for developers and enabling enterprises to quickly and easily connect their systems with partners, customers and suppliers using advanced Web services," said Rebecca Dias, product manager for advanced Web services at Microsoft. "Developers are now able to apply a set of security policies to Web services with minimal lines of code in a way that is interoperable across heterogeneous systems."
Customers including Reuters, a global information company that provides tailored information for professionals in financial services, are taking advantage of the advanced security capabilities available through WSE to deliver financial information using Web services.
"WSE and the Microsoft .NET Framework address a critical need for our customers by providing the necessary security infrastructure by leveraging WSE's implementation of WS-Security and WS-Policy capabilities," said Bill Evjen, technical director of development for Reuters. "This infrastructure allows our customers to quickly and easily communicate with our financial services customers in a secure and standardized manner."
With the release of the technology preview, WSE 2.0 supports the following new capabilities:
Token-issuing framework (WS-Trust, WS-SecureConversation) provides capabilities that build on WS-Security and define extensions to request and issue security tokens and to manage trust relationships and secure conversations.
Roles-based authorization with integration into Windows security enables corporations to leverage their existing Windows domain credentials when accessing Web services or to integrate their own access control engine.
Declarative programming model (WS-Policy, WS-SecurityPolicy) enables developers to author policies that operate a runtime component, responsible for processing the SOAP headers in Web services that contain security and routing information and play a role in the validation of incoming and outgoing messages. For example, the runtime can automatically sign and encrypt a message based on the authored policy without the developer having to write code.
Message-based object model (WS-Addressing) provides customers with a message-based programming model over TCP and HTTP, allowing them to explore alternative types of SOAP-based applications such as ad hoc peer-to-peer applications.
System Requirements for WSE Version 2.0
Supported Operating Systems include Windows 2000, Windows Server 2003, and Windows XP: (1) Microsoft Windows XP Professional with Service Pack 1 or later; (2) Microsoft Windows 2000 Server with Service Pack 3 or later; (3) Microsoft Windows 2000 Advanced Server with Service Pack 3 or later; (4) Microsoft Windows 2003 Server.
Hardware requirements: Processor Pentium 233 MHz; recommended: Pentium 300 MHz or faster. RAM 64 MB; recommended: 128 MB or higher.
Additional Software: [1] Microsoft Internet Information Services (IIS) 5.0 or later. [2] One of the following: Microsoft .NET Framework SDK version 1.0 with Service Pack 2 or later; Microsoft .NET Framework SDK version 1.1; Microsoft Visual Studio .NET; or Microsoft Visual Studio .NET 2003.
Earlier Release: Web Services Enhancements (WSE) 1.0 SP1 for Microsoft .NET
"Web Services Enhancements for Microsoft .NET (WSE) [Version 1.0] is an add-on to Microsoft Visual Studio .NET and the Microsoft .NET Framework providing developers the latest advanced Web services capabilities to keep pace with the evolving Web services protocol specifications.
"Web Services Enhancements (WSE) 1.0 Service Pack 1 provides support for security features such as digital signature and encryption, message routing capabilities, and the ability to include message attachments that are not serialized into XML. Functionality is based on the WS-Security, WS-Routing, WS-Attachments and DIME specifications."
See the release notes and download page.
Principal references:
- Announcement 2003-07-15: "Microsoft Releases Technology Preview of Web Services Enhancements Version 2.0. Company Adds New Security Capabilities for Developers Building Advanced Web Services."
- Web Services Enhancements for Microsoft .NET
- WSE 2.0 Technology Preview. Description and references.
- "Programming with Web Services Enhancements 2.0." By Matt Powell (Microsoft MSDN Web Services). July 2003. 15 pages.
- Press:
- "Microsoft Previews Upgraded Web Services Pack. Security to Get Boost." By Paul Krill. In InfoWorld (July 15, 2003).
- "Microsoft Bolsters Web Services Security." By Martin LaMonica. In CNET News.com (July 15, 2003).
- Download WSE 2.0 Technology Preview
- See also: Microsoft WS-Security Specification Index Page