BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
News Articles Presentations Podcasts Guides

Topics

Choose your language

InfoQ Dev Summit Boston

Discover transformative insights to level up your software development decisions. Register now with early bird tickets.
InfoQ Dev Summit Munich

Get practical advice from senior developers to navigate your current dev challenges. Register now with early bird tickets.
QCon San Francisco

Level up your software skills by uncovering the emerging trends you should focus on. Register now.
The Software Architects' Newsletter

Your monthly guide to all the topics, technologies and techniques that every professional needs to know about. Subscribe for free.

InfoQ Homepage News Improving Web Service Security: Guidance for WCF

Improving Web Service Security: Guidance for WCF

This item in japanese

Bookmarks

Aug 08, 2008 2 min read

InfoQ Article Contest

Share your knowledge Win a ticket to a QCon event
or an InfoQ Dev SummitFind out more

Microsoft patterns and practices group has released a WCF Security Guide. The 689 pages compendium offers a general introduction to Web Service security fundamentals as well as in-depth knowledge about several security threads and appropriate counter-measures.

Improving Web Service Security: Scenarios and Implementation Guidance for WCF” offers security guidance in many ways. It is available in HTML and as a downloadable PDF.

The guide is divided into four parts accompanied by a set of references sections:

  • Part I – Security Fundamentals for Web Services
    The first chapter gives a good overview of the main aspects of service-oriented architectures (SOA). Security threats, vulnerabilities, and attacks are explained in the context of an SOA and Web Service Security standards, principles, patterns, and necessary development activities are introduced.
    Chapters two and three cover Web Service Security threats and countermeasures and design guidelines for Web services.
  • Part II – WCF Security Fundamentals
    This part introduces all features and options concerning WCF service security. Instead of merely presenting all options and providing sample code, this guide evaluates all options with respect to security issues and also tells you what options not to use or even to avoid completely.
  • Part III – Intranet Application Scenarios
    The next two parts cover best practices for designing services and configuring web server, application server, and database server in a scenario-based fashion. Part III presents scenarios in the intranet scope.
  • Part IV – Internet Application Scenarios
    Part IV presents scenarios in the internet scope.

All topics covered individually in part one to four relate to a single organizing frame. J.D. Meier, Principal Program Manager on the patterns & practices group, introduced the Web Service Security Frame on his blog:

The key to making principles, patterns, and practices more effective is to have an organizing frame. […] the power of the frame is that it's a durable, evolvable backdrop -- in other words, you can shape it to your own purposes.

The references sections consists of checklists, guidelines, best practices, Q&A, and step-by-step howtos.

The mix of thorough coverage of fundamental (web) service security aspects and reference sections, all in a scenario-based fashion is very appealing and simplifies understanding. The guide addresses the full range of developers and architects, from beginner to pro. Especially the Q&A and the howto sections are ideal for beginners who do not know their way around service security. The checklists, guidelines and best practices as well as part III and IV provide valuable information and reference for everyone.

Rate this Article

Adoption
Style

This content is in the WCF topic

Related Topics:
BT