Metro Web Services Security Usage Scenarios
TS-4402

Metro is an advanced Web services stack. It provides transactions, reliable messaging, security, large attachment optimizations, and so on. The most used feature of Metro is security. It comprises streaming encryption/signatures, secure conversation, and trust -- each with many options. To simplify security usage, Metro provides 13 security profiles that cover the most-used cases.

This session provides information on which profiles apply to which use cases and when to change the options for each profile from their default settings. It demonstrates information such as the following:

Choosing a profile according to the following criteria (including use cases):

• Type of security: transport or message level
• Type of client credentials: user name/password, X.509 certificate, SAML assertion, Kerberos ticket, or issued token from a third-party trust authority
• The role the client credential plays in securing the messages

It also presents an example profile of mutual certificates security:

Use case: Use when messages must pass through intermediaries and both sides have X.509 certificates (typical for service-to-service communication).

Options: If the message body is signed and encrypted, select "Encrypt Signature," because the signature contains a digest of the body that can be used to obtain information. Encrypting the signatures protects this information.