A question that I often get asked is: how do I get started learning about WSE 3.0, and what considerations need to be made when building secure Web services?

 

So I have put together some essential steps to get you started with WSE 3.0, along with estimated times for each. I have also included some project ideas that you can build, because in the end that is the only true way to learn.

 

1) First, go to the WSE Home Page

*        Download the WSE 3.0 SDK and read the documentation introduction

*        Run each of the WSE Quickstart samples and look through the code

*        Work through the two detailed WSE 3.0 Hands-on Labs (HOLs):

    *        Exploring Security

    *        Exploring Messaging

Total time - 2 days

 

2) Then go to the Patterns and Practices Home Page

*        Read the Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0

*        Walk through the Web Service Security Guidance Quickstarts

*        Listen to the Web Service Security webcasts on the same page

Total time - 3 days

 

3) Then return to the WSE Home Page and read the following articles

*        Read “What's New in Web Services Enhancements 3.0”

*        Read “Protect Your Web Services Through The Extensible Policy Framework In WSE 3.0”

Total time - 1 day

 

4) And if you still need more, listen to the Ron Jacobs ARCasts on WSE 3.0

*        http://channel9.msdn.com/Shows/ARCast_with_Ron_Jacobs

Total time - 1 day if you are insane, or spread over 1 week for mortals

Need some ideas? Here are some projects to build with WSE 3.0

  1. Secure your existing Web services! This is the easy one.
  2. Get a fingerprint reader and, using the fingerprint SDK, create your own custom fingerprint XML token type. Now you can authenticate to a Web service using your fingerprint, rather than having to use a password or a certificate.
  3. Using the examples in the messaging hands-on lab (HOL), implement the SMTP protocol and use it to securely post messages to a Web service. The interesting aspect here is that this is a store-and-forward scenario, which does not need a permanent connection. This is a classic case where message-level security is a suitable technology choice.
  4. Integrate with AzMan and ADAM for application-level authorization and authentication.
  5. Set up a Web service at work called "15 minutes of Fame" with a spare big-screen monitor in the hallway for all to see. Write a service that gives everyone in your group 15 minutes of fame, with timeslots that they can book, securely of course. If you use Kerberos or X509 certificates for security (use the former if you have Active Directory), offer a prize for anyone who can hack the site to change the message on the screen (no access to the box allowed, of course). Sit back and relax knowing that your prize is safe.