# Wednesday, 08 December 2004

I just listened to Microsoft’s web cast on the new Web Services features in Yukon, and I have to say I’m pretty skeptical.  I think it’s yet another case of Microsoft building support for “open standards” and then making them really only work practically if you’re running Windows on both ends. 

The biggest thing that concerns me is their authentication scheme.  They have disallowed anonymous connections, meaning that your HTTP connection must be authenticated using Basic, Digest, or Integrated Authentication.  That means on non-Windows platforms, you’ll be limited to Basic.  But wait.  They also decided that if you allow Basic auth, you must use SSL.  Furthermore, using Basic auth means that you have to use SQL Auth on your SQL server.  How do you send your SQL Auth credentials?, you might ask.  WS-Security Username tokens.  But WS-Security isn’t supported for either encryption or digital sigs. 

Plus, you have to use a separate SOAP header to carry session information so that you can maintain your context inside SQL server.  (OK, that bit’s pretty clever.)

So if I want to use Web Services to talk to SQL server from a non-Windows platform, I have to use Basic authentication over SSL, and provide a WS-Security header and a session header.  These seem to me like pretty heavy requirements.  Much of this was explained away with “WSE supports all this stuff”.  OK, great, but that’s not going to help my clients who are using Ruby under Linux. 

The guy giving the demo didn’t give us a look at the WSDL that SQL server generates, so I have no idea how complex or otherwise it might be.  Given that it’s hard to judge how hard it would be to deal with the data coming back from SQL Server.  In the plus column, they’ve provided hooks so that you can write your own WSDL if you don’t like the way they do it.

Besides the above issues, I think their implementation and support for Web Services is pretty dang clever.  They’ve thought about a lot of issues. 

What I don’t get is if my Web Services clients only work best under Windows, why do I need Web Services?

Wednesday, 29 June 2005 07:50:45 (Pacific Daylight Time, UTC-07:00)
Hi

I just want to know r view on the one way support of webservice features in yukon.yes i am saying this as one way because you can't natively access web svc in yukon .You can access the same in a clr rpoc and call the same from yukon but if the xml http supports is 2 way whynot MS is providing the 2 way communication.

I know security would be a issue here but why not out of box the same could be provided.I can get the xml and form it on my own and even the same can be done thru managed proc but why should i go for that??

thx
shreeman
Comments are closed.