A couple of weeks ago I spoke at the Software Architect 2007 conference at the Barbican. There were a lot of very well known presenters and authors (such as Dominick Baier and Dino Esposito), and it was a great honour to be speaking alongside these distinguished people.

Whilst there, I got into a very interesting discussion about WS-* (someone there called it WS-Death Star - I don't think he was a fan...). A lot of comparisons were made between WS-* and Rest.

My feeling is that, at present, WS-* is more mature from a security perspective. Many standards are available to use when securing Rest based web services (such as XML encryption), but there's still a lot of implementation for developers. The great thing about WS-Security is that it is configurable by policy, rather than having to reinvent the wheel each time (by writing code). I'm a big fan of configuring security rather than coding it, as there's less room for mistakes.

I'm just about to do my talk at the Barbican, so I figured I'd better get the slides onto my blog ready for everyone to download.

If you've just seen the presentation, I hope you enjoyed it.

PS. Code from the talk is now attached to this post also.