Service Security Guide on MSDN

The Improving Web Services Security: Scenarios and Implementation Guidance for WCF project on CodePlex now has its results available online, browsable from within the MSDN site. I linked to this project last year, but it’s great that everything has been made available on MSDN as well.

Even if you aren’t using WCF, this set of deliverables has some very insightful components.  For example, the Security Fundamentals for Web Services chapter barely even mentions WCF but rather focuses on defining services, overarching security principles, as well as a set of security patterns that address topics such as authentication, data confidentiality and message validation.

Chapter 2, Threats and Countermeasures for Web Services, is also technology-neutral and identifies a set of security threats, vulnerabilities, and countermeasures.

Of course, it is a WCF guide, so expect to find a wealth of information about WCF security options and trade-offs, as well as 20+ “how to” walkthroughs that range from hosting services to impersonation to using certificate-based authentication.

Finally, if you’re not a “read tons of pages about security” kind of fella, then at least peruse the WCF Security Checklist (which can provide a good development checkpoint prior to service release), the summary of WCF Security Practices at a Glance (which provides a clean list of categories and related articles) and the very important Q&A section that contains dozens of realistic questions with straightforward answers.

Great job on this.  Thanks J.D. and team.


Categories: General Architecture, SOA, WCF/WF
