Writing Secure Web Services (with .NET)

This session examines the basics of trust in a distributed app, and talks about how to achieve security with web services and .NET 1.1 with WSE2.0.

Web Services are message-oriented. This means that any application intention (the need for security, for transactionality, for reliability, etc.) must be
included in the message and not just assumed as external context. The WS-Security specifications are very advanced and currently being used in the
wild to create robust, secure web services. This session will examine these specifications, including:
• WS-Security
• WS-Policy - for sharing enforcement and encryption strategies
• WS-Privacy - for agreeing on privacy policy for service usage
• WS-Encryption - for encrypting or signing all or part of a message
• WS-Trust - for creating a single-sign-on solution
• WS-Federation - works with WS-Trust
These specifications, plus others like WS-Addressing and WS-Notification, provide a platform for communicating security intent across multiple network
layers and many platforms. Of course, these specifications only define modifications to the message; the implementation of the features is left to the
application author. We will demonstate these capabilities using the .NET platform.

About Justin Gehtland

Justin is the co-founder of Relevance, a consulting/training/research organization located in the Research Triangle of North Carolina. Justin has been developing applications with static and dynamic languages since 1992. He has written code with Java, .NET, C#, Visual Basic, Perl, Python and Ruby. He loves to talk, especially in front of people, but all by himself in the corner if he must. Justin is currently focused on: Rails (because its the law), Spring (because Java isn't going anywhere) and security (because paranoia is your friend).

More About Justin »