Don Smith has posted links to some WSE 3.0 webcasts based on the WS-Security patterns and practices work that I have helped him with. We already have done a webcast on WSE 3.0 and X509 certificates usage which you can watch here with more to follow in the next two weeks. Read Don’s posting for the details.
Also last month’s and this month’s MSDN magazine has plenty of WSE 3.0 content. There is Aaron Service Station article and Tomasz Janczuk, who is the developer lead for WSE 3.0, wrote a great article on the policy framework in WSE 3.0.
Tomasz and I also work together on WCF security (WSE is in fact owned by the WCF security feature team, so we ship multiple products) and what is interesting about this article is the description of the security header layouts in the message. When you start to use WSE and WCF as products you are in effect working with an API that enables you to generate messages that contain a <security> header element in a SOAP message according to the WS-Security (1.0 and 1.1), WS-Trust and WS-SecureConversation specifications. How these specifications are interpreted into messages on the wire is complex, especially to achieve interoperability across platforms. That is why the turnkey security scenarios introduced into WSE 3.0 and aligned with WCF simplify security by choosing preconfigure security header layouts in the SOAP message. These in turn come from reading the WS-SecurityPolicy spec to describe how the headers are built from assertions. In effect reading this article essentially gives you insight into not only the structure of WSE 3.0 messages but, also WCF messages where the turnkey scenarios overlap between the products.