WCF and (no) Partial Trust
Via Doug’s blog, I learned about Partial Trust will not make the WCF V1 cutoff. I can say, having been part of the 2 year Indigo SDR, watching all the hard work, I believe Doug and Clemens that they wanted to do it, ran out of time, and “that partial trust is incredibly hard (and very time consuming) to test for a communication platform that is supposed to have rock solid security (no paradoxon here) and shall perform well.” I believe it all. However, the problem is that those of us who have gone with Indigo now have a big problem thats pretty hard to deal with. Full trust on Indigo forces most of the rest of the system to use Full Trust and that’s a real bad thing. My two friends, Robert and Tomas comment as well.
The suggestion on Doug’s blog to use an ASMX proxy makes little sense to me. Configuring a WCF Endpoint with BasicHttpBinding and proxying with an ASMX service proxy pretty much defeats the whole purpose of why we used Indigo in the first place. We aren’t basic Web Services only on http with only SOAP. Think WS-Security for instance or setting up a kind of direct peer connection between two banks for instance. You would want some kind of WS-Trust exchange and then perhaps a WS-SecureConversation. Indigo supports all these out of the box but with the WS and NetTcp bindings. It goes on. We want true Service Orientation and not just “Web Services.” As such, we want the ability to host Services in any CLR process. Indigo gives us that out of the box. We have been able to leverage Indigo in many such ways very seemlessly with very little code having to be writen (which is quite different from the WSE case). Moreover, it fit into a general WinFX story we were pursuing.
I am not a security expert but this seems to suggest to me that it will be nearly impossible or a waste to try to use partial trust in the rest of the system because it all goes in and out of Indigo anyhow. Thoughts?
Now playing: New Order - International - Bizarre Love Triangle (Extended Dance Mix)