I am not sure how many people have had a chance to download our May CTP of the Web Service Software Factory yet so I thought I would provide some more detail about some of the areas that we cover in our latest release. For this blog posting I am going to focus on web service interoperability.
Conceptually when think about inteoperability I think of three things. Specifications (eg - Ws-Security, WS-SecureConversation, WS-Trust etc), Versions of specifications (eg - Ws-Security 1.0, WS-Security 1.1) and Extensibility points within specifications (eg - algorithms implemented in each platform).
However when it comes to designing services that are interoperable this model becomes extremely complex and almost impossible to enforce, as it requires an intimite understanding about what specifications a particular version of a client has implemented and then some ability to review the specifications of your service - which is why we have incorporated an Interop configurator in our May CTP.
The Interop configurator allows an architect or lead developer to specify interop configuration settings that will tailor the developers experience such that as they start securing their services they will only have access to features that are supported using the constraints that you have specified.
To take a look at it you should design your service using the Web service software factory, and then enable the security package. At that point right click on the solution and select Interop configuration. This option gives you three levels of detail.
- The first is a prototype and is intended to allow you to specify what platform clients of your service will be running on. This selection would tehn constrain what options you have when you actually come to securing your web services.
- The second screen is based on what specifications are available, and
- The third is based around the more interesting extensibility points that are relavent
If you go to the second screen and disable WS-Trust (perhaps your clients are running on a platform that has not implemented this yet) you will notice that SecureConversation also gets disabled. Then (and more importantly) as you go through the security recipes and start securing your services you will notice that the capability to use Secure Conversation has been disabled...
As I mentioned the first screen (where you can specify client platforms) is still prototype - but the other screens do work. It is going to be quite a lot of work for us to work on the first screen so we are looking for feedback as to whether this will be useful or not. So if you like this feature - or if you have feedback please post some messages on our discussion board on http://practices.gotdotnet.com/svcfactory.