I was having a discussion with Eric Nelson on his blog the other day. I was having a rant about requirements, which I think is one of the most vital aspects of software today.

For instance, I've been told by a number of developers that MVC is the 'correct' way to develop a web application. However, I disagree strongly with this.

I don't doubt that Model View Controller is very useful for certain applications. It is a valid design pattern for solving certain problems.

However, it's not 'the correct' way to develop a web application. The only thing that is correct is the requirements. If you use MVC, and it either hinders achieving the requirements, or it adds nothing to those requirements, than MVC is not the correct design pattern to follow. Simple as that.

There have been similar patterns used in security that added no value. I worked on a project three years ago that used WS-Security, because it was the latest 'cool thing'. At the end of the day, it added no value, as SSL matched the security requirements more efficiently.

So, when should you use WS-Security? I wrote an article recently that is on the MSDN Developer Security page.

The article matches requirements to technologies, and has been used by various clients as I was writing it. I hope you find it useful.