Where can I find some good WS-Security introductions and tutorials?

Question

Can anyone point me to some decent introductions to WS-Security?

I'm looking for tutorials or something that provide a fairly gentle introduction to the subject, though I don't mind if it assumes basic knowledge of web services and SOAP. Most of the stuff I've seen so far is very technical and you need a lot of complex, detailed background knowledge to understand it properly.

We have to implement a web service in PHP and one or more clients in .NET, so resources covering both would be much appreciated.

Answer 1

Check Kirk Evans' blog as it deals with the .NET Framework 2.0+ instead of the old .NET Framework 1.0 linked by Sven.

The implementation on Evans' blog is backwards compatible with clients running .NET Frameowrk 1.0.

Answer 2

You can find some good article on WS-Security and Apache Rampart - the open source WS-Security implementation - in WSO2 Online Library.

WSO2 WSF/PHP is a PHP Web services extension that has support for WS-Security and also interops with .NET Web services/clients seamlessly.

Answer 3

I had to give myself a crash course in WS-Security a few months back, here are a few links that I found helpful:

http://www.ibm.com/developerworks/webservices/library/ws-security.html

http://www.devx.com/security/Article/15634

http://www.devx.com/Java/Article/28816

Answer 4

I think the best introduction to the (any) subject are some good examples.
This article at codeProject gives a fairly easy to follow guide trough web service security for a .NET application.