Hey all!! For all you Web Services coders, there is quite a nice security feature list in the Web Services Enhancments (WSE) 3.0 . The WSE3.0 allows you to set the security of the connection between a web client and a web service. The features are meant to solve 2 problems: Authentication at the beginning of the connection and Confidentiality and Integrity during the connection. The Authentication part allows you to use one of 3 mechanisms: Kerberos (good for a situation of a web service and web client in the same domain), Certificates (good for a situation of iner-domain connection and a fat client) and Username/Password (good for all the rest The security of the connection (called secure conversation) can ride on each of the authenticatoin mechanisms when the main principle is to use the Kerberos ticket/Certificate/Password derived key to pass a conversatoin key used for encryption and digital signature. More info can be found at : http://msdn.microsoft.com/msdnmag/issues/06/02/WSE30/ Enjoy Dracula4ever
