# Wednesday, 08 December 2004

I just listened to Microsoft’s web cast on the new Web Services features in Yukon, and I have to say I’m pretty skeptical.  I think it’s yet another case of Microsoft building support for “open standards” and then making them really only work practically if you’re running Windows on both ends. 

The biggest thing that concerns me is their authentication scheme.  They have disallowed anonymous connections, meaning that your HTTP connection must be authenticated using Basic, Digest, or Integrated Authentication.  That means on non-Windows platforms, you’ll be limited to Basic.  But wait.  They also decided that if you allow Basic auth, you must use SSL.  Furthermore, using Basic auth means that you have to use SQL Auth on your SQL server.  How do you send your SQL Auth credentials?, you might ask.  WS-Security Username tokens.  But WS-Security isn’t supported for either encryption or digital sigs. 

Plus, you have to use a separate SOAP header to carry session information so that you can maintain your context inside SQL server.  (OK, that bit’s pretty clever.)

So if I want to use Web Services to talk to SQL server from a non-Windows platform, I have to use Basic authentication over SSL, and provide a WS-Security header and a session header.  These seem to me like pretty heavy requirements.  Much of this was explained away with “WSE supports all this stuff”.  OK, great, but that’s not going to help my clients who are using Ruby under Linux. 

The guy giving the demo didn’t give us a look at the WSDL that SQL server generates, so I have no idea how complex or otherwise it might be.  Given that it’s hard to judge how hard it would be to deal with the data coming back from SQL Server.  In the plus column, they’ve provided hooks so that you can write your own WSDL if you don’t like the way they do it.

Besides the above issues, I think their implementation and support for Web Services is pretty dang clever.  They’ve thought about a lot of issues. 

What I don’t get is if my Web Services clients only work best under Windows, why do I need Web Services?