I've spent a lot of time with WS-Security lately, partly because of the bruhaha over its use in MsComService, and partly because I'm digging more deeply into WSE 2.0. Like most of my friends (and a penguin Gudge knows), I'm a plumber. I like spending time thinking about how to program with XML messages (feeding my reputed addition). But I realized last weekend that there are limits, even for me. I realized that I want someone else to take care of security for me...

It's not that I'm not interested - I think it's a fascinating topic. But I have too many other things going on to lose myself in it, and I don't trust myself to build something secure if I have to worry about all the details of signing, encryption, nonces, hashes, etc. myself. Hopefully a day will soon come when I can simply request a secure channel to a distant service and sit back and relax, confident that someone else has thought about the hard security problems for me.

Then I can spend more time thinking about what the bodies of my message look like - the problem domain specific part that it's hard for other folks to help me with...