By Andrew Horne
Authentication and authorization are key areas of focus in the “Improving Web Services Security” guide published by Microsoft’s Patterns and Practices Team. The guide leads you through SOA security, WCF security, and useful application scenarios for both internet and intranet.
The twin security approach of authentication and authorization assures that only trusted users use your applications. This guide runs through the decisions you have to make in setting up these security devices, such as which authorization approach to use: role-based, identity-based or resource-based. This leads to questions about user stores and transfer security, among many others. The answers you give to these questions also have an effect on authentication: for instance, do you go with username or certificate authentication? The chapter “Solutions at a Glance” gives you a neat five-step outline to keep your thoughts organized.
Patterns and Practices pooled knowledge resources with Microsoft’s WCF team and outside leaders in the field, while also comparing this knowledge with user responses. The guide reflects the increasingly important role security plays for designers in today’s technological environment. As Nicholas Allen, Program manager of WCF, writes in his forward to the book, “Security has to be treated as part and parcel of functionality.”