At the 13th annual RSA Security Conference in San Francisco many of the general sessions featured Web services'
topics. It is not unusual that Web services would feature so prominently in a security conference. Web services is fast becoming one of the most powerful and desirable development areas in the industry. But, your Web services application is only as good as it is secure.
Security is a primary concern as new Web services-enabled applications are creating entry points into legacy systems that access years of proprietary data. Microsoft, not exactly known to be a leader in security, is set to release version two of their .NET Framework, according to Ryan Hurst, Windows Security Program Manager at Microsoft. Among the improvements are many security enhancements such as X.509 certificate support. Here's a preview:
While V1.0 and V1.1 of the .NET framework did have limited support for X.509 certificates, the new version will support certificate decoding and validation within the System.Security.Cryptography.X509Certificates namespace. Also new to System.Security.Cryptography are the .Pkcs and .XML namespaces. These can enable encoding and decoding of CMS/PKCS #7 messages and support for verifying X.509-based XMLDSIG signatures, respectively. The goal of the .NET developers at Microsoft was to make X.509 certificates "easy to use" and "extendable;" to this end, they have added many classes to System.Security.Cryptography.X509Certificates, among them: X509CertificateEx, X509CertificateExCollection, X509Extensions, X509Chain and X509Store.
V2 of the .NET Framework also includes other security improvements. Security error tracking has been improved by the expansion of the SecurityException class. Also, the protection schemes of public APIs have been improved. Among the more notable additions is a tool that helps you determine the security needs of your application called PermCalc.
So when will V2 be released? There will be a community-based release at the end of March. Microsoft plans to involve the community in the development process earlier in hopes of getting feedback that can be integrated in the new builds that should come out every couple months. The first community release will be at VS Live. Otherwise, you'll have to wait until 2005.
Benjamin Vigil is a technical editor for TechTarget.