It would seem that Microsoft is attempting to beef-up their security in the .NET framework… I haven’t had time to read the whole thing, but it seemed like an interesting read esp. for M$ developers like my-self… Here y’all go;

http://msdn.microsoft.com/webservice...wssecdrill.asp

Introduction
Developers and software architects are realizing Web service implementations are requiring more complex architectures as they struggle to fill the shoes of their distributed ancestors. As the specifications designed to support these architectures continue to evolve, toolsets compliant to these specifications are essential for interoperability and developer productivity. Web Services Enhancements 2.0 for Microsoft .NET (WSE 2.0) is an add-on to Visual Studio .NET and the .NET Framework that helps developers meet these complex business requirements. Specific to this article, WSE is used to apply message-level credentials, encryption, and digital signing to SOAP messages independent of the transport protocol. By building on these basic security principles, trust relationships can be established through multiple endpoints that may not directly trust each other. In addition to these scenarios, this article describes how policies can be used to ensure that the security requirements are being described and adhered to.
As you will soon see, this article uses quite a few source code listings to enforce many of the concepts presented. It's important to understand a large part of this source code can be reduced by the use of policies. The use of policies is a new feature in WSE 2.0 and its benefits are addressed in the last section of this article.