BT
x Your opinion matters! Please fill in the InfoQ Survey about your reading habits!

Improving Web Service Security: Guidance for WCF

by Hartmut Wilms on Aug 08, 2008 |

Microsoft patterns and practices group has released a WCF Security Guide. The 689 pages compendium offers a general introduction to Web Service security fundamentals as well as in-depth knowledge about several security threads and appropriate counter-measures.

Improving Web Service Security: Scenarios and Implementation Guidance for WCF” offers security guidance in many ways. It is available in HTML and as a downloadable PDF.

The guide is divided into four parts accompanied by a set of references sections:

  • Part I – Security Fundamentals for Web Services
    The first chapter gives a good overview of the main aspects of service-oriented architectures (SOA). Security threats, vulnerabilities, and attacks are explained in the context of an SOA and Web Service Security standards, principles, patterns, and necessary development activities are introduced.
    Chapters two and three cover Web Service Security threats and countermeasures and design guidelines for Web services.
  • Part II – WCF Security Fundamentals
    This part introduces all features and options concerning WCF service security. Instead of merely presenting all options and providing sample code, this guide evaluates all options with respect to security issues and also tells you what options not to use or even to avoid completely.
  • Part III – Intranet Application Scenarios
    The next two parts cover best practices for designing services and configuring web server, application server, and database server in a scenario-based fashion. Part III presents scenarios in the intranet scope.
  • Part IV – Internet Application Scenarios
    Part IV presents scenarios in the internet scope.

All topics covered individually in part one to four relate to a single organizing frame. J.D. Meier, Principal Program Manager on the patterns & practices group, introduced the Web Service Security Frame on his blog:

The key to making principles, patterns, and practices more effective is to have an organizing frame. […] the power of the frame is that it's a durable, evolvable backdrop -- in other words, you can shape it to your own purposes.

The references sections consists of checklists, guidelines, best practices, Q&A, and step-by-step howtos.

The mix of thorough coverage of fundamental (web) service security aspects and reference sections, all in a scenario-based fashion is very appealing and simplifies understanding. The guide addresses the full range of developers and architects, from beginner to pro. Especially the Q&A and the howto sections are ideal for beginners who do not know their way around service security. The checklists, guidelines and best practices as well as part III and IV provide valuable information and reference for everyone.

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Educational Content

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT