Reading Micheal M's comment, I realized that I was not clear enough in my last post.When
I said I didn't want to think about security, I meant as a plumber. Part
of my responsibility as the designer or developer of an application is, as
Micheal M, says, to think about everything as a possible security hole. He is absolutely
right and I did not intend to imply otherwise.
But I need help. I can't write my own cryptography engine. I don't have the time,
and, more importantly, I won't get it right. Similarly, I don't want to have to write
my own SSL hand-shake to establish a secure channel with an HTTPS endpoint. Luckly,
those things are provided for me by my platform. However, that doesn't mean I get
to abdicate all responsibility. At the very least, I have to:
SSL strikes a reasonable balance. I don't have to worry about implementing the cryptography
or handshake protocol myself. I do have to worry about when and how I use it, keeping
my implementation patched, and whether or not the cert presented to the client does
in fact identify the server. That's tractable for me with my level of security expertise.
My point about WS-Security and
all the threads about MsComServices was
that I need to get more from my platform. I want to get replay detection and secure
channels from my platform. As with SSL, I will still have to think long and hard about
how and when to use these features, make sure I keep my implementation up-to-date,
and test my implementation to make sure it works. But I won't have to implement everything
Things are moving in the right direction with the WSE
2.0 Tech Preview. WSE
1.0 provided the atoms for WS-Security.
2.0 provides molecules like WS-SecureConversation.
Increasing the level of abstraction in this way is key.
Thanks for raising this point Micheal. I don't wany anyone to think that I or anyone
else at Microsoft is not VERY concerned about making software more secure. Ironically,
I actually see removing myself from the lower level implementation details as a way
to increase the security of my software. Using the right security features from my
platform is a better choice, as long as I do so responsibly (see the bullet list above).