Tip

Preview of .NET V2 security

At the 13th annual RSA Security Conference in San Francisco many of the general sessions featured Web services' topics. It is not unusual that Web services would feature so prominently in a security conference. Web services is fast becoming one of the most powerful and desirable development areas in the industry. But, your Web services application is only as good as it is secure.

Security is a primary concern as new Web services-enabled applications are creating entry points into legacy systems that access years of proprietary data. Microsoft, not exactly known to be a leader in security, is set to release version two of their .NET Framework, according to Ryan Hurst, Windows Security Program Manager at Microsoft. Among the improvements are many security enhancements such as X.509 certificate support. Here's a preview:

While V1.0 and V1.1 of the .NET framework did have limited support for X.509 certificates, the new version will support certificate decoding and validation within the System.Security.Cryptography.X509Certificates namespace. Also new to System.Security.Cryptography are the .Pkcs and .XML namespaces. These can enable

    Requires Free Membership to View

encoding and decoding of CMS/PKCS #7 messages and support for verifying X.509-based XMLDSIG signatures, respectively. The goal of the .NET developers at Microsoft was to make X.509 certificates "easy to use" and "extendable;" to this end, they have added many classes to System.Security.Cryptography.X509Certificates, among them: X509CertificateEx, X509CertificateExCollection, X509Extensions, X509Chain and X509Store.

V2 of the .NET Framework also includes other security improvements. Security error tracking has been improved by the expansion of the SecurityException class. Also, the protection schemes of public APIs have been improved. Among the more notable additions is a tool that helps you determine the security needs of your application called PermCalc.

So when will V2 be released? There will be a community-based release at the end of March. Microsoft plans to involve the community in the development process earlier in hopes of getting feedback that can be integrated in the new builds that should come out every couple months. The first community release will be at VS Live. Otherwise, you'll have to wait until 2005.


Benjamin Vigil is a technical editor for TechTarget.


This was first published in March 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.