Partager via

Web Service Security Webcasts/ARCasts

On Wednesday, Dwayne Taylor, Mark Fussell, Ron Jacobs, and I recorded a live MSDN Webcasts titled Securing Web Services with X.509 Certificates in WSE 3.0. This webcast is based on the Web Service Security guide we released last month. If you are interested in this stuff, you'll REALLY be doing yourself a disservice if you don't check it out - it is so much more than how to decide between X.509, Kerberos, and Username tokens. Anyway, we think the webcast turned out really well, we had a lot of fun doing it, and now it's available on-demand for your viewing pleasure right here. I know you're probably thinking, "what's up with telling us about a LIVE webcasts after the fact?" Yeah, I know ... that's lame.

So, for fear of making the same mistake again, I'll tell you about the next 2 we're going to do over the next 2 weeks so you can tune in to the live recording and have your questions included in the production. Unfortunately, I don't have the links right now, but I expect to get them soon. I'll just update this entry once I have the URLs.

Wednesday, January 18th, 2006
Securing Web Services with Kerberos in WSE 3.0
In this webcast, we will take an in-depth look at implementing message layer security with Kerberos in WSE 3.0 to provide authentication and secure communications between client applications and web services. We'll start by exploring design-level criteria that would lead to the decision to use Kerberos and finish by walking through an implementation strategy. We will explain how the solution works and then walk through code and configuration of the implementation.

Wednesday, January 25th, 2006
Authentication to Web services with UsernameToken in WSE 3.0
In this webcast, we will take an in-depth look at authenticating with a web service using the WSE 3.0 UsernameToken and how to secure the communications with X.509 certificates. We will start by exploring design-level criteria that would lead to the decision to implement UsernameToken authentication and finish by walking through the implementation. We will explain how the solution works and then walk through code and configuration of the implementation.  We will also discuss extensibility points in WSE, such as using a custom UsernameTokenManager to validate credentials presented to the web service in a UsernameToken against various identity stores and authentication services.

After we finished recording the webcasts, Ron wouldn't let us leave until after we recorded an episode of the ARCast on the same topic. I'm not sure when he's going to make it available, but if you're interested, you should probably keep an eye out here.


  • Anonymous
    March 03, 2006
    So many differnt approaches, not to say the variation within each single approach.

    Which approach is simple (simple to use and implement, I don't want to read too many stuff), fast ( fast in performance), secure (every message exchange must be secured), less demanding ( on infrastructure like CA, kerbros etc),  extensible ( comes last, but would be good in cases like multiple players are involved), and widely or easilly accipted?
  • Anonymous
    June 02, 2006
    Keith blogged about the Web Service Security Guide earlier.  Don Smith just blogged about...