When developing with WSE it is often useful to be able to see what is going out on the wire.  Changes in the WSE 2.0 release mean that is no longer possible to use tracing tools such as tcpTrace and MSSoapT.  Christop Schittko has a good post on the background to this problem and shows how to use the inbuilt-WSE trace capabilities to get around it.  There's also another solution, which is to use Mindreef SOAPScope's WebProxy, and as I was writing this I noticed that Mike Taulty has also posted his WSE 2.0 trace tool, which has become my new default favourite.

Background
The previous approach to tracing in WSE was to listen on a one port with a tracing tool, then forward the request onto another port.  WSE 2.0 now checks to make sure that the WS-Addressing To header in the SOAP message matches the address in the HTTP Header.  This means the existing tracing tools will return a fault.

The SOAPScope solution
SOAPScope has implemented it's own version of System.Net.WebProxy that allows proxying to localhost.  It also means that the address in the SOAP envelope matches the address in the HTTP header.  To use it you just need to add the following to the client's config file:

<system.net>
   <defaultProxy>
      <proxy proxyaddress="http://benjaminm:5049" bypassonlocal="false"/>
      <module type="Mindreef.Net.WebProxyEx, MrTools, Version=3.0.0.0, Culture=neutral, PublicKeyToken=90f6595dbbe888f3" />
   </defaultProxy>
</system.net>

Mike Taulty's solution
Mike has written a new WSE 2.0 Trace Tool that uses custom input and output filters into the WSE Pipeline. These filters copy the message into a new SOAP envelop and post it a tracing 'web' service listening on the a tcp port, using the SOAP Messaging (soap.tcp:\\) support within WSE 2.0.  Using it requires adding the following to the config file:

<microsoft.web.services2>
  <filters>
    <output>
      <add type="WSETracingFilter.WSEOutputFilter,WSETracingFilter, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=1c1f2f7177e1ff79" />
    </output>
    <input>
      <add type="WSETracingFilter.WSEInputFilter,WSETracingFilter, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=1c1f2f7177e1ff79" />
    </input>
  </filters>
</microsoft.web.services2>

It's very nice! I'm going to be using it tomorrow in my talk at TechEd.

Clemens' talk was about managing state across multiple layers within a .NET application. His message was that there are many types or state and many approaches to dealing with it. It's not just about the ASP.NET session object! He covered a definitions of services, state and its types as well as how to manage state including transactions.

Statelessness doesn't really exist
Stateless doesn't really exist. Everything is stateful when it runs. Just because a component doesn't remember anything across calls doesn't mean there isn't a state penalty. Keeping information on the stack is a way of maintaining state.

Definition of services
A service is autonomous -lives and can be deployed by itself.

A service has its own store. It might be as system with 20 modules having 20 databases.

A service is not XML and SOAP. This is just one way of talking to services.

Services shouldn't share databases
One of the gems I picked up from the talk was that we shouldn't necessarily tightly couple everything at the database layer by putting it all in one place. Sometimes this is done for speed, but the benefit may disappear if you put it in a cluster.

Martin Fowler posted about this today:

The recent rise of Service Oriented Architecture seems to mean very different things to different people, but one plausible thread is a rise of autonomous applications with their own ApplicationDatabase that communicate through service interfaces - effectively replacing shared database integration with rpc or messaging based integration. I'm very sympathetic to this view, particularly favoring integration through messaging - which is why I encouraged the development of EIP. In this view of the world the integration database is no longer the default assumption.

What is state?
All the data an application needs to remember. It can be:

• volatile (the stack manages volatile state)
• transient (a stock ticker)
• permanent.

Transient state may contain useful data
Clemens mentioned that transient data may contain useful data that is worth storing. An example is the contents of a shopping cart at an online store. Keeping this data can provide useful information about the behaviour of people on a site (how many don't complete an order?).

Don Box and Doug Purdy did a 'keynote' for the Connected Systems Track.  They started out by asking what questions the audience wanted to see.  A great set of questions were proposed and the answers contained some of the most valuable content in the session.  Here are my notes on their answers, and some they didn't get time to do.

How does WSE 2.0 fit in with the Indigo direction?
It lets you use the protocols we have today.  WSE takes your ASMX investment and keeps you in the game as we do this protocol work.  If you don't track the protocols it may not be so important. 

Indigo will be the primary technology for using the WS-* specifications in future.  WSE takes your ASMX investment and lets you add support for those specifications today.

What's the future of DIME?
MTOM.  DIME was an experiment - we were on the wrong track that didn't support security.  Microsoft got together and did PASWA that became MTOM.  It will be in Indigo and other MS technologies.

WS-Security vs. SAML?
There are many different kinds of tokens that may be used, such as Username, X509 certificates and Kerberos tokens.  Don said it was unlikely that a token type, like SAML will become the 'single token format to rule them all'.  No definite answer on where the SAML support was.  As I learnt on Saturday, trying to implement SAML support is a non-trivial exercise - it would be nice if there was a clear statement from Microsoft on when it will be supported in the platform (so that you don't have to share my dll in order for us to use it when we talk).  I think it will be part of the identity management work in future.

How successful is WSE at interop?
Microsoft do bake-offs with WSE where they get all the vendors in a room and try and make the specifications work.  There wasn't a definite answer other than this.

How do you talk SOAP from a Windows Service?
Don's answer was that you do the hard work to host ASMX inside a service then put an ASMX façade and call into the service with ES or Remoting.

I thought this missed the point that the recently released WSE 2.0 supports Soap Messaging, which allows you to implement SOAP messaging over TCP.  I think this would be a far easier way of hosting SOAP within a windows services.

What is the technology to replace COM+ in the long term?
ES investment will keep working.  Deployment, interception and synchronization are being brought forward into Indigo.  Many of the ES semantics are a direct correlation with the Indigo model.  Doug mentioned that ES programmers will be the most prepared to work with Indigo when it ships.

Is there an issue with the verbosity of web services payload?
Don's answer was that Indigo will 'negotiate up' and switch to a faster way of communicating if the other endpoint uses Indigo.  How they do this is to be seen (there were comments at the PDC that the first Indigo call will be a policy request to see if the other end is an Indigo endpoint).  Don mentioned that the industry is having a hard time defining binary protocols that allow user definition are difficult.  Binary protocols that support user defined structures are hard.

How do we discover services and determine policy at run time?
Don mentioned that UDDI was a solution you could use today.  In a show of hands only 4 of 200 attendees were using UDDI (2% adoption?).  According to Don it makes some hapy, but some customers want more.  They want a more flexible model for describing things without having to use the tModel (which is hard to grok).  There also other groups want to discover services on devices, so WS-Discovery is where Microsoft are headed.  It is a small spec that is easy to understand that can be easily implemented.

Will we need to continue to be plumbers to do web services security?
I thought this was a great answer:

For a while.  WSE makes it easier, but if things go wrong you'll need a plumber.  We have not done our job in Indigo if people have to understand the protocols.  Your common developer needs to solve business problems, not the protocol problems.  Indigo is adding value without focussing on the protocols. 

No matter how good WSE does, since we are ironing out the interop you'll still need to read WS-Sec.  Now at least we only need plumbers when things go wrong.

What's the migration path to SO?
This was really the content of Richard Turner's talk in the track, he's also written a great post on detailing prescriptive guidance on preparing to upgrade to Indigo.  The basic message is don't do tricky things.  If you are doing something that was hard to figure out, maybe that was for a reason.  So things like SoapExtensions or custom message sinks in Remoting are not going to upgrade well.  There's lots of material out there that shows that Microsoft have a 'good story' on upgrading from various technologies.

Unanswered questions:

• What is the MSMQ equivalent for COM+?  Is MSMQ going away?
• How does EIF fit into SOA?
• Strategies for native to managed interop?
• Will Indigo support mailslots?
• Are there any application blocks for SOA?
• How do we handle events across appdomains?
• Security - you have authentication and authorization - what about any attacks through the channel - filtering content? Content-awareness in firewalls?

The Cabanas are a new idea at this year's TechEd.  They are informal areas where attendees can get closer to the presenters and interact more.  Here's a shot I saw of Rocky Lhotka and Ted Neward presenting a session, with Peter Provost in the background.  It looked like a Roman Forum.

I'm with all of the 'Blue Shirts', speakers and the Microsoft staff, in the keynote overflow room, sharing the experience of watching Steve Ballmer on a video screen.  Here are some key points:

• He's looking trimmer. A gasp of 'Atkins!' went around the room.
• Key messages - do more with less.
• The next 10 years are going to be even greater than the last.
• Only Pfizer spends more than Microsoft on R&D.
• Remember 10 years ago TCP/IP was a separate business to the OS.
• Integration is the key. How many data access layers does Microsoft need.
• How can we narrow down the skillset required to know how to use the products. Integrate to reduce the overhead required to use the platform.
• Windows XP SP2 has taken priority over Longhorn recently.
• It used to be 'features, features, features' now it's 'listen, listen, listen'.
• Watson is one of the biggest advances in computing. Being able to send crash reports to Microsoft means there is a statistical way of rating the issues that users are having.
• Integrated innovation and customer responsiveness to do more with less.
• Security is key focus.
• Spam is too cheap to send - we need to add cost and burden. Using techniques like making the sender prove who they are.
• Interoperability has been a key focus. Microsoft has done more than most people have ever given them credit for in integration. Microsoft is absolutely behind the XML stack as an open standard. The 'best and most important thing to happen to our industry'. It's an 'architected' way of doing interoperability. The old way was writing XML to connect each system.
• Microsoft Office beta web services - allow Office to be a smart end client to web services.
• Becky Dias gets on stage.
• WSE 2.0 is released! Also the Microsoft Office Information Bridge are entering Beta.  Basically web services integrated with Microsoft Office task pane.
• She's clicked on someone's name in Outlook. A task pane has come up with a form that lets her do a stock trade, calling a webservice and gets an ID back again, all without leaving Outlook.
• Demoing policy. Not sure if the audience are getting this. But it's very cool. We don't have to right code anymore. Definitely should have spent more time polishing the WSE Settings Tool wizard screens.
• .NET has more than 50% of the US market. Customers think it is 66% more reliable, 70% think it is faster, 2.7x people think it is more secure.
• The VSIP program has been increased. Oracle and SAP and TibCo will use Visual Studio for their platforms.
• Visual Studio 'Team System' - now trying to do more as part of the software development life cycle. Group development, modelling, testing and deployment.
• It looks like we now get bug tracking within Visual Studio.
• Showing a Whitehorse style screen that diagrams the deployment of the application and can check to ensure that it will work in that environment.  It produces 'build errors' when you compile it.
• Can specify that the system passes build rules, static analysis and unit tests. 
• Finally we have unit tests that are part of the build system (this got a clap!).  Now we know what James Newkirk has been doing at Microsoft!  Rewriting NUnit!
• Also includes code coverage tools as well (another clap)
• There's also a security version of FxCop that is built into 'Visual Studio Team System' based on Microsoft Research's work on Secure Computing Initiative.
• But wait, there's more .... load testing as well (more claps!)
• Back to the Information worker.  Steve has the feeling that SharePoint Team Server, Portal Server, Office and Live Meeting haven't been as well adopted as they should have.
• There will be advances in searching as a result of 'strong competition' (see Google)
• Why choose Microsoft over Linux or Java? More integreated innovation, better responsiveness and trustworthiness, partnerships, choice (more applications, better interoperability).

Overall I was a little disappointed that 'Crazy Steve' didn't make an appearance.  There was no sweat, no ranting, no cheering with the crowd.

Scott's a very funny man and hosted a very entertaining session on code generation.  My jet lag really kicked in at the start of this session, so you might like to see Peter Provost's blog for more coverage as well as Jon Galloway:

• Jon Lam talked about the 'usability tax' from using XML. XSLT is a programming language that is hard to maintain. He prefers using PERL for writing code. XML is hard for humans to maintain.
• Scott started by talking about the CodeDOM as being 'the opposite of terse'.
• Discussion about the line between creating a generic engine versus just solving the problem with code. How do we deal with the trade-off between producing a solution to the current problem versus creating a generic non-specific approach.
• Computer languages are for people to work with, so we write in C#. It is a code generator that produces IL that produces assembly code to run. We want a higher level language to build software.
• 3 kinds of code-generation: Wizard skeleton, Compiler - template and generics, Modelling - result is not a model but an assembly
• Some discussion about whether generators were useful for producing quick and dirty one-off situations.
• Discussion about what the output of code generation should be. Is it the code files, or is it the compiled DLL?
• How do you manage changes - should you do it at compile time or run time? What about it you need to modify things after they have been generated? Should you make them plugins, use interfaces or work with the config files.
• Sometimes code-generation make it hard for others to maintain.
• Don't do the rules engine that solve the 'verbs' problem. Think about the nouns.

How Corillian do code generation:

• Scott talked about how Corillian do it. They model the nouns in a visual tool using an XML schema underneath that can be extended and allows you to create your own vocabulary. The elements on the schema come from another namespace that includes domain specific attributes.
• They then we use a free-ware tool called code-smith which lets you write code-generation syntax in an ASP.NET syntax (<% for each … %> to output the data). They use that to create the code (rather than HTML in the ASP example).
• They created an XML schema adapter that looks at an XML schema and gives you a collection of top-level types and subtypes. Then all the different places where they have domain-specific knowledge they use 'aspects' by placing that logic inside the setters and getters.
• The schema describes the contract between asp.net and the host and the asp.net and the front end like the device that it displays on.
• The adapter reads the schema and presents it in a friendlier way. The CodeSmith studio is an IDE for doing this. It has adapters that takes anything that presents a collection (e.g. a database), then for each table in tables - generate the code.
• The easiest way to jump into code generation it is to use the strongly-typed collection classes that comes from CodeSmith - accounts in ArrayLists should become an accounts object - it allows you to simulate the behaviour of generics now.
• Any time in the schema with max-occurs unbounded - we know it is an array and autogenerate a strongly-typed object it.
• The business people edit the XML in XML spy. Corillian separate domain objects from the message. They have a WSDL explorer. They use WSDL and a custom binding to generate the whole banking services. The proxy is generated from the WSDL - binds domain objects, messages and verbs.
• In future they are looking at using schematron that describe restrictions (e.g. saying something is an integer is not the same as saying it is a social security number). The intention is that the attribute on an element in the schema maps through an attribute in .NET.
• Scott's belief was that anything in the schema should be carried forward because the metadata should not be lost.

If you're at TechEd and would like to catch up with me I'm on MSN Instant Messenger at benjamin AT benjamin DOT net.   I'm especially interested in anyone who's doing work or got thoughts on web services, Indigo or extreme programming. 

I'm also on Scott Hansleman's Microsoft Regional Director Bingo card (available from booths 49-50 in the Pavillion) so come and say hello and I'll help you win a prize. 

Roy was concerned that this represented the 'cult of the worshipping masses' and that we 'should not be handing out autographs, but software, tips, tricks and code'.  Well, happilly I can report that the goal of the Bingo game is to encourage attendees to talk to the Regional Directors.  It's sending the signal that we're here to connect with attendees and share experiences and transfer knowledge.

Meeting the RDS at TechEd is just like a .NET rocks episode but live and in person.

Here are some of my tips on how to make the most of the week at TechEd.

Make a session plan.  Know your entry and exit points.  TechEd is sold out.  Not only that, it is overbooked.  Expect to be sitting in the aisle if you aren't clear about which sessions you are going to and how to get there.  Spend some time learning the floor plan on the first day so you can get between rooms without getting lost. 

Don't stare too long watching the PowerPoint slides.  Every attendee is going to get a DVD with the slides and audio after the show (it will likely be on the web as well), so don't cram your schedule too full with sessions.  Pick the key sessions to attend, you can watch the others later.

Connect with people about the technology.  Instead of going to the breakout sessions, make sure you spend time in the Cabana areas and the Community Lounge.  The Cabana areas are small presentation areas where you can 'heckle' (well, ask questions and interact) the presenter.  The Microsoft stand in the Exhibit Hall has   many key people from the product groups at the event.  They are here to meet you, answer your questions and help you understand the technology.  Take advantage of this chance to have one on one conversations.

Speak to the Presenters, Authors or Regional Directors you see.  Don't be afraid to approach these people if you see them.  They are at the event to answer your questions and find out about your experience.  Use them. 

Focus on questions you'd like to have answered and areas of knowledge you'd like to improve.  Aside from the above, I think there's also a RIO networking area where you can go and find experts who can answer your question.  There are lots of key people from most of the Microsoft teams at the events and they are here to talk with you.   Spend some one on one time with experts rather than just sitting in the audience. 

There was a panel discussion with John Bristowe, Scott Hanselman, Joe Homnick, Joe Lindsay, Terry Mohn, Ted Neward.  the highlight for me was that there still isn't good tool support, or a good story from Microsoft, on how to manage services once they have been deployed.  Other points:

• Scott mentioned that his company provide services to 30% of all online US Banks and 50% of them rely on web services. So they are out there and being used.
• An excellent point was made there isn't good tool support (or a good story from Microsoft) on how to manage services once they are deployed. The tools to ensure that services are up and running and providing guaranteed levels of services are not here yet.
• There was some discussion about whether we should care about angle brackets or not. Scott made the point that we should focus on Infoset. John Bristowe made the point that it can be useful to understand the specs and know what is happening on the wire.
• Ted mentioned that editing WSDL is too hard and no-one at the event other than Scott had actually done it. Scott made the point that most of us had edited HTML files because we did not like the way FrontPage formatted them, so why hadn't anyone done the same with their WSDL?
• Some good points from the more business-focussed members of the panel that they are more interested in tools making developers productive than in having developers that understand the plumbing in web services.
• Discussion about what the definition of SOA is. Answers included 'components with a longer wire', 'objects with explicit boundaries', 'hooking shit together'.  I had a useful discussion aftewards with Joe Homnick that helped me see that SOA is most useful as a concept when talking with businesses about how to architect projects.  As I've mentioned before I'm still not convinced that SOA is definable, but it is based on top of good architectural concepts such as encapsulation, data hiding, loose-coupling, service discovery, messaging patterns and asynchronous processing.  So if we need to call this SOA in order to get all excited about these topics then it may be a necessary evil.
• I followed with the question 'what problems is SOA trying to solve?' answers included high-level re-use and interoperability.
• Discussion about location transparency not being a good idea. Ted suggested the original idea was really about being able to write code without having to know the location of the components, rather than hiding the fact that this was an expensive cross-network call to a component.
• Discussion about the fact that Amazon uses Web Services well but that XML over HTTP is more popular than their SOAP implementation. There was some discussion about alternatives to SOAP such as REST, but they were seen as more limited compared to SOAP. The key for me is that tool vendors need to implement great tools for SOAP so that it is easy to use as these competing approaches.
• The more business focussed members of the panel made the point that the technology is not the main thing, it's supporting business functions. For them the point of the Interoperability work is that it les them go out and buy products that they know can talk together.

Ted Neward gave the keynote at our WS-Interoperability Day even today.  Here are some of the points he made:

• It's important to learn from the past, in terms of previous distributed computing approaches, when looking at Service Oriented architecture and web services.
• One of the key things that made HTTP a ubiquitous approach to solving interoperability problems was that it was simple.  For me this highlighted the fact that it is essential that good developer programming models be developed over the top of the WS-* standards so that it's simple for developers to take advantage of the functionality without necessarily having to be a plumber. 
• It is important that vendors continue to work together and not start developing their own non-standard features.  Ted mentioned that vendors are currently being driven to ensure compatibility in order to make money from the new approaches, but once a market it established they may start fracturing away by adding their own non-standard implementations.  Dare covered this in his post detailing the SQL standards.
• Ted made the point that Objects work better when they are deployed together because they need to talk together.  Good objects are well factored and make a lot of calls.  This means that the same techniques does not extend well to situations where objects are distributed.
• The fastest call that can be made to a network is around 1000 times slower than a local in-process call.  This can raise to 10,000 times slower when the network is involved.  To illustrate what this means, Ted used the analogy that this was similar to his 20 minute commute to work taking 70 days (his math).
• SOA is just a new way to get developers to listen to the worn-out message that  'Distributed Objects Don't Work'
• Interoperable systems work best when the architecture is built from the centre out.  If you start at the .NET and work towards Java for example it's likely that you'll find you've implemented something that is incompatible.
• The problem with starting from the inside out is that WSDL, which provides the definitions, is hard to work with and you really need a tool to author it.

I flew into San Diego last night where Michele Leroux Bustamante had agreed to meet me at the airport.  The plane was an hour and a half late and I was wondering if she'd still be there or even recognise me.  Turns out I needn't have worried she'd be in the group with the three laptops and the wireless router:

That's Anant Kadiyala, Michele and Heinrich Gantenbein getting in all the preparation time they could before our interop demo.

I'm presenting a TechEd session in the Connected Systems track on how to use Web Services Enhancements 2.0 to secure web services.  TechEd looks like being a mini-WSE festival, with Aaron Skonnard doing the pre-conference on Sunday, Keith "My blog has gone" Ballinger talking up a storm on messaging over multiple machines and networks, plus loads of other applied web services talks.

In my session I'm going to cover all of the security features in WSE using as many code demonstrations as I can fit it.  I'll cover the basics such as security tokens, signing and encrypting before moving on to more advanced topics such as token issuing and establishing secure conversations.  I'll show how WSE 2.0 allows all of this to be done with code as well as policy and configuration files.  The best part is that straight afterwards you'll be able to go and do some Hands On Labs authored by Aaron Skonnard covering these topics.  How's that for in-depth educational experience?

Here's the official description

CTS302 Connected Systems: Using Web Services Enhancements v2.0 (WSE) to Secure Web Services
Wednesday, May 26 2:00 PM- 3:15 PM, Room 10
Speaker(s): Benjamin Mitchell
Track(s): Connected Systems, Developer Tools and Technologies, Security
Web Services are being used to cross application boundaries, especially between enterprises. Such interactions need to be secure. See how to use WSE v2.0 and the security protocols that it implements to secure Web service interactions within and beyond the Trust domain

For those interested in doing some background reading before the event, I strongly recommend WS-Security Drilldown in Web Services Enhancements 2.0 by Don Smith.  Rebecca Dias thinks its the best article she's read on WS-Security and I'd agree.  Also Hervey Wilson's blog mentions some truly magical features that will whet your appetite for what you could see.

Like Steve Maine, I've recently switched to RSS Bandit from SharpReader as my news aggregator of choice.  My main issues with SharpReader were:

• It used up way too much memory (300,000 K vs . 24,000 K).
• It took too long to load, the toast notifications used to hang my machine (I know I could turn them off but somehow I never got around to doing it).
• No ability to flag messages for follow up.  Being time-challenged of late I really wanted to mark records that I could post on later but couldn't (except by using the 'lock' and hunting for it later).
• No way of counting how many feeds I subscribed to (not really important, but I wanted to know - turns out it's 280).
• It ate some posts once.  Luke fixed this one pretty quick, but I find it hard to get over a data loss.

I'd tried RSS Bandit in the past but didn't think much of it.  However, now it provides a solution to most of the above problems.  It's fast, very quick to load, has great flagging and searching support and I really like the ability to use my own style sheet to view the posts (I wanted to try Newsgator with Lookout inside Outlook, but I had to install them a few times so that they'd play nice together, and then I couldn't find an easy way to choose my own reading font).  Matt Berther comments on Steve's post mentioned JetBrains (the people behind IntelliJ and ReSharper) have an Outlook plugin, OmniaMea that supports blog feeds as well as NNTP, so maybe this is my ideal.

Some things that I miss from SharpReader in RSS Bandit:

• Like Steve, I don't like the default alphabetical ordering.
• The arrow keys to move up and down between posts.
• The space bar takes me to the earliest unread message, rather than the most recent unread message.
• A strange setting where the font is always +0.25 bigger than I asked for.
• I preffered SharpReader's ability to open the browser in multiple new windows to a docked browser (maybe there's a config setting I'm yet to find).

I'm an archive kind of a guy so I'd love to find some tool to convert my SharpReader archive to RSS Bandit. 

Are you confused about how all of the WS-* specifications fit together?  Hard to get your head around the WS-Alphabet soup?   3Leaf have a great Web Services Architecture Timeline graphic that makes it easy to see how the specifications have been created over time [via Ken Brubaker]

Although there are a lot of specifications, they have been built in a composable way to support secure, reliable and transacted web services.

Martin Gudgin points to the Working Group Draft of the WS-I Basic Security Profile.  I believe that the web services security will play a major role in increasing the adoption of web services in future.  It's great to see the WS-I behind a push for greater interoperability in web services security.

Web services security enables message level security, through signing and encrypting parts of a message, so that secure communication can be established even across public networks such as the Internet.  Increasing support and compliance for this security infrastructure across platforms and development languages will lead to even greater adoption of web services.

I'm hoping that they develop test cases that can be used to prove compliance to the standard, similar to those already developed for the WS-I Basic Profile.  In preparations for this Saturday's Web Services Interoperability Day Michele Leroux Bustamante has had to assume the role of 'human interoperability tester'.

Before TechEd San Diego I'm going to be presenting a SAML token issuer sample with Michele Leroux Bustamante as part of the Web Service Interoperability Day this Saturday.  The event is a chance to actually see interoperability happening, rather than just watching PowerPoint slides.  We'll be focussing on showing real code demonstrate WS-Security (now an OASIS standard that will be implemented with the release of WSE 2.0) and WS-Policy.

Getting the demos ready has been an international collaboration.  John Bristowe has been waving the WSE/Policy 'Pom Poms'.  Chris Haddad is doing the Java implementation with OpenSAML.

After the demonstration there's a panel discussion on the state of web services standards that should be very lively.