Reading Micheal M's comment, I realized that I was not clear enough in my last post. When I said I didn't want to think about security, I meant as a plumber. Part of my responsibility as the designer or developer of an application is, as Micheal M says, to think about everything as a possible security hole. He is absolutely right and I did not intend to imply otherwise.

But I need help. I can't write my own cryptography engine. I don't have the time, and, more importantly, I won't get it right. Similarly, I don't want to have to write my own SSL handshake to establish a secure channel with an HTTPS endpoint. Luckily, those things are provided for me by my platform. However, that doesn't mean I get to abdicate all responsibility. At the very least, I have to:

  • Make sure I understand how these technologies work and I know how to use them correctly
  • Decide how to use these technologies in my application so that I ensure data integrity and confidentiality wherever it's required
  • Make sure I test my application to ensure that the technology does what I expect it to
  • Make sure I keep my platform up-to-date with patches that fix security holes

SSL strikes a reasonable balance. I don't have to worry about implementing the cryptography or handshake protocol myself. I do have to worry about when and how I use it, keeping my implementation patched, and whether or not the cert presented to the client does in fact identify the server. That's tractable for me with my level of security expertise.

My point about WS-Security and all the threads about MsComServices was that I need to get more from my platform. I want to get replay detection and secure channels from my platform. As with SSL, I will still have to think long and hard about how and when to use these features, make sure I keep my implementation up-to-date, and test my implementation to make sure it works. But I won't have to implement everything myself.
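To make "replay detection" concrete, here is an added example of the kind of check a platform feature would perform for me. It is not WSE code and not part of the original post; it models the WS-Security UsernameToken pattern of a per-message nonce plus a Created timestamp in plain Python, with a hypothetical `ReplayDetector` class, an injectable clock, and a constructed sequence of messages (dicts with `nonce` and `created` fields, standing in for the SOAP header elements).

```python
"""Nonce + timestamp replay detection, modelled on the WS-Security UsernameToken
profile (wsse:Nonce plus wsu:Created). Added illustration, not WSE's own code."""
import time
from collections import OrderedDict

ACCEPT = "accept"


class ReplayDetector:
    """Rejects a message whose nonce was already seen within the freshness window.

    A nonce only has to be remembered for as long as the message carrying it
    could still be accepted; after that the timestamp check rejects it anyway,
    so the cache stays bounded without losing protection.
    """

    def __init__(self, freshness_window=300.0, max_skew=60.0, clock=time.time):
        self.window = freshness_window   # seconds a Created timestamp stays acceptable
        self.max_skew = max_skew         # tolerated clock skew for timestamps in the future
        self.clock = clock               # injectable so the behaviour can be tested offline
        self._seen = OrderedDict()       # nonce -> time after which it may be forgotten

    def _evict_expired(self, now):
        # Entries are inserted with non-decreasing expiry, so stop at the first live one.
        while self._seen:
            nonce, expires = next(iter(self._seen.items()))
            if expires > now:
                break
            del self._seen[nonce]

    def check(self, message):
        """Return ACCEPT or a 'reject: ...' string explaining why the message fails."""
        now = self.clock()
        self._evict_expired(now)
        nonce = message.get("nonce")
        created = message.get("created")
        if not nonce or created is None:
            return "reject: missing nonce or Created"
        if created > now + self.max_skew:
            return "reject: Created is in the future"
        if now - created > self.window:
            return "reject: stale"
        if nonce in self._seen:
            return "reject: replay"
        # Remember the nonce at least as long as this message could still be fresh.
        self._seen[nonce] = now + self.window
        return ACCEPT


def demo():
    """Run a constructed message sequence (sample data, not captured traffic)."""
    clock = [1000.0]
    det = ReplayDetector(freshness_window=300.0, max_skew=60.0, clock=lambda: clock[0])
    results = [
        det.check({"nonce": "n1", "created": 999.0}),    # fresh, first time seen
        det.check({"nonce": "n1", "created": 999.0}),    # same nonce again: replay
        det.check({"nonce": "n2", "created": 600.0}),    # timestamp older than the window
        det.check({"nonce": "n3", "created": 1200.0}),   # timestamp beyond allowed skew
        det.check({"nonce": "n4", "created": 1040.0}),   # slightly ahead but within skew
    ]
    clock[0] = 1400.0                                    # later: n1 has been forgotten...
    results.append(det.check({"nonce": "n1", "created": 999.0}))   # ...but is now stale
    results.append(det.check({"nonce": "n5", "created": 1350.0}))  # fresh message accepted
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The two checks only work together: without the timestamp the nonce cache would have to grow forever, and without the nonce an attacker could resend a captured message for as long as its timestamp stayed fresh. Both depend on the message being signed so that neither field can be altered, which is the part I want the platform to provide rather than hand-build.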

Things are moving in the right direction with the WSE 2.0 Tech Preview. WSE 1.0 provided the atoms for WS-Security. 2.0 provides molecules like WS-SecureConversation. Increasing the level of abstraction in this way is key.

Thanks for raising this point Micheal. I don't want anyone to think that I or anyone else at Microsoft is not VERY concerned about making software more secure. Ironically, I actually see removing myself from the lower level implementation details as a way to increase the security of my software. Using the right security features from my platform is a better choice, as long as I do so responsibly (see the bullet list above).