I was having a hard time putting the different pieces of WS Security into buckets so that they are easier to explain.
The problem was authentication. I finally realized how I wanted to explain it. Authentication is done with security tokens, but authentication does not really belong in a bucket. It is done in tandem with all of the other processes – authorization, encryption, signing. Now it makes more sense to me.
I am starting to realize that one of the reasons that I have had such a difficult time with WSE is because I am not really a linear thinker. I’m more, well, spherical. But I was somehow unable to take wse as a whole and shove it into my brain. I really have had to go through this detailed process of breaking it apart, analyzing it’s pieces and then seeing how they fit back together.
And the sad part is all of this effort has only been for grokking the security stuff. There is a lot more to WSE than security.
The happy happy part is that I do really have a handle on this and one that I know I can easily share with other people who feel about this info the way I have for the past few years!
I seriously need to shout out to Don Smith for some hefty support over the last bunch of days. He’s been amazing in helping me clarify some of the things that I was still fuzzy with. THANKS DON!
Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!