Kirk Evans is a Microsoft Architect for the Azure Center of Excellence.
One of the innovations in WSE 3.0 is the addition of turnkey security scenarios. However, without spending some time trying to learn security concepts up front, you might not be sure how to use some of the features in WSE 3.0.
Don Smith posts about a set of webcasts focusing on WSE 3.0 and security. The X.509 webcast is really well done. It explains concepts like the mutualCertificate11Security turnkey assertion very well and explains where the certificates should go:
It also describes the capability for certificate revocation and how the cert issuer maintains the certificate revocation list (CRL). Of course, there is a demo that shows how easy it is to create a secure service via policy, and Dwayne Taylor from RDA runs through the wizard (with an unexpected shortening of the number of steps... the wizard just vanishes part way through the sequence).
Another interesting tidbit is when Dwayne explains the different certificate store options.