I finished up my Web Services Theory class at OIT last night. Just the final to go on Monday (mwah ha ha).
We ended with some stuff on WS-* and all the various specs. I tried to spend minimal time on the actual syntax of WS-*, since some of them are pretty hairy, and spent more time on the business cases for WS-*. That seemed to go over pretty well. I think it's easier to understand the business case for why we need WS-Security than it is to understand the spec itself. Unfortunately, on of the underlying assumptions about all the GXA/WS-* specs is that eventually they will just fade into the background, and you'll never see the actual XML, since some framework piece (like WSE 2.0) will just "take care of it" for you. What that means is that the actual XML can be pretty complex. The unfortunate part is that we don't have all those framework bits yet, so we have to deal with all the complexity ourselves. Thankfully more tools like WSE 2 are available to hide some of that from the average developer. On the other hand, I'm a great believer in taking the red pill and understanding what really goes on underneath our framework implemenations.