After my session was finished, I went over to see Payam do his Windows Communication Foundation: Building Secure Services session. I was a little late to this one, but it was a great overview of what you can do with WCF and security.
Given that I haven’t had a lot to do with certificates, etc., that part of the session was interesting. It’s good to see that in WCF there are a lot of security options available. I like the fact that you can encrypt parts of a message rather than taking the hammer approach and encrypting everything.
I think it was good that Payam made a clear distinction between scenarios where you want no security, where you want to ensure that the message hasn’t been tampered with, and where you don’t want someone to read part or all of a message. I suspect that most people put message tampering and encryption into the same box, but they really are different levels of security.