Reviewers wanted for Web Services Security guidance project

  • Article

I hope you're able to absorb new deliverables quickly. After springing GAT onto you the other day, today I want to talk about yet another project we are working on now. However unlike GAT, this one is not due for imminent release. That's why we're looking for some help.

It isn’t any secret that web services and service orientation are getting a lot of attention at the moment, and that many customers believe (as does Microsoft) that these are fast becoming vital solutions for integration and interoperability. It also isn’t any secret that the specifications and toolkits are evolving rapidly, and making sense of it all can sometimes be difficult. Even with technologies like WSE and Indigo making the implementation a lot easier, it still can be difficult deciding which of the available technologies and options will best meet your business needs. For example, concentrating on the security space, should you go with transport or message security? When should you use direct authentication vs X.509 or SAML? What are the security and performance implications of using confidentiality and message integrity mechanisms?

The patterns & practices team has started a project to provide guidance to help customers choose and implement appropriate solutions for service oriented applications using web services technologies. This is obviously a big space, so we are tackling it in pieces, and the first is (you guessed it) security. We are currently in the early phases of the project, and we are still experimenting to determine the best way of structuring the guidance. Once we feel it is relatively organized and complete, we plan to publish a public preview to get some widespread feedback. Right now, we are still looking for feedback, but since it is still evolving, we feel that we need to give some more personal attention to each of the reviewers to explain what we’ve done and get detailed feedback. We are asking for a commitment from any early reviewers to dedicate a few hours each week to reading the material, participating in workshops and providing feedback. In return you will get early exposure to one of our new deliverables and the opportunity to influence its direction.

Does this sound like you? Please drop me a note if you’d like to participate. To make sure we get the right reviewers at this early stage, please also indicate what experience you have with web services and security, and what kinds of projects you or your organization have undertaken which would benefit from this kind of guidance.

This posting is provided "AS IS" with no warranties, and confers no rights.