You may not know this, but the patterns & practices team is pretty amped about making stuff that architects and Web service developers actually need (or at least make them happy). I know this because that's what they pay me for 😉 If you're building Web services, are involved in an integration project, or are just interested in topics around enterprise architecture (like service orientation), you're going to want to monitor (or even subscribe to) this blog. And here's why ...
We have a bunch of stuff in the oven around Web service security, SAML, WS-I, WSE, integration patterns, and baseline architectures you're going to want to know about. No one wants their colleagues making fun of them for finding stuff out late 😉 Not only am I going to let you know about things here long before you find out about it here, I'll give you the opportunity to influence its direction. So, if you see something you don't like, or have a suggestion to make it more like what you need, fire off an email to me. <MyBestRadioVoice>Why, you could even be the next champion.</MyBestRadioVoice> Okay, so here's what we have going on right now (I don't know if I'm going to keep this list updated as time goes on, but you should be able to figure out what we're up to by browsing the categories):
Web Service Security Patterns - This is huge! As you probably know, Web services are going up everywhere and a lot of them have security requirements. Transport level security (SSL) will be fine in some cases, but other services are going to need message level security (WS-Security). If you've looked into this, you know it's far from trivial. how are you supposed to know which token(s) to use ... X.509 ... Username ... Kerberos ... SecureContextToken for example? Well, these set of patterns cover the spectrum of architecture patterns, design patterns, and implementation patterns in WSE. In addition to the patterns, this asset has a navigation document to put you in the ballpark of the patterns you should be considering, and it has some primers to get you up to speed quickly on some of the concepts. Today, this stuff is in the CTP (Community Technical Preview) phase. All you have to do is join the community here (of course it's free), download the CHM file, and start reading. <RadioVoiceAgain>You'll be impressing your friends, family, and (more importantly) your manager in no time.</RadioVoiceAgain>
Applied Integration Baseline - This is also huge, but more in the literal sense. What I mean is this is the largest amount of code we've ever released at one time. Oh no, don't be scared ... because we even wrote a separate application, we call the Narrator, whose job is to help make sense of it all. So what is this thing? Well, we're all familiar with sample applications ... I like to call this a sample enterprise. One of the most difficult things to do in an enterprise is integrate all of the siloed applications so they consistintly share commonalities across the org. This asset shows how to compose patterns to address complex integration requirements using SQL, BizTalk Server, IIS, and .NET. The result is a baseline architecture to build on as you iterate over the implementation. The version for .NET 1.1 is here, the version for .NET 2.0 is here, and the community is here. You may also want to check out a flash version of the Narrator - very good stuff.
WS-I Basic Security Profile Reference Implementation - I'll spare you the description of who the WS-I is and if you've not heard of the BSP 1.0, you can read about it here. Well, this asset is basically the Microsoft version of the WS-I Sample Application. This is the app we'll use to consume the other vendor's sample apps and they will consume this one with their version ... all to test for the success of interoperability. This is one of the better sample applications I've seen. The security requirements are surprisingly complex. There's good stuff in here. I'll definately be blogging more about this one. Feel free to join the community and have a look at the code and supporting docs. Right now it is only targeting WSE 3.0, but we would consider building a WSE 2.0 version if the demand is high enough <PutsHandNextToEarListening />.
We have a couple of other things in the crock pot, but I don't have anything I can show you just yet. One is a SAML STS (security token service) Application Block. Well, we think we're going to release it as a block. What do you think?Right now the community is private. If you think (or know) you're going to implement SAML, are interested in this project, and are willing to provide us some feedback, fire me off an email mentioning this blog entry and tell us about your SAML plans. We'll invite you to the community so you can have a look at it now. The other project we have going is just in the very first stages and is easily my personal favorite. I can't wait to get this one in your hands. Unfortunately, I have to keep my fingers still for now. Much more later. Promise.
If you have any questions or comments, post to the forums and I'll see it in my inbox almost instantaneously.