(Late) Morning Coffee 9

Took part of the morning off this morning to let the sun shine down on the icy roads. No major incidents getting to work, though the office parking lot is like an ice rink.

  • As mentioned yesterday, I finally got my STS implementation working with WCS. Turns out that using WCS with the wsFederationHttpBinding requires you to specify which claims you want to send to the service. In comparison, using WCS with wsHttpBinding automatically requests the PPID claim. It would be nice if this were documented somewhere. I only figured it out by finding this demo from Michele.
  • Last week, I said that we need a better tool than SvcConfigEditor. This tool is only marginally better than hand-editing the config files with IntelliSense. A “real” tool would keep you from building invalid config files. While I appreciate the need for this level of flexibility at the transport layer, we really need a better web service hosting story than IIS + ASP.NET + web.config. WCF makes me long for the days of the MTS/COM+ GUI interface. I never wasted hours troubleshooting config issues with MTS/COM+.
  • Apparently, Xbox 360 outsold Wii and PS3 combined in December. That’s probably more of a statement about PS3 and Wii shortages, but there’s no arguing with numbers like 10.4 million Xbox 360 consoles, 5 million Xbox Live users, and nearly 3 million copies of Gears of War. Congrats to the Xbox team!
  • David may be hiding from his blog of late, but he did venture out long enough to point me to SOA Facts. My favorite: Dante has a special level in hell for consultants whose resumes do not say SOA.

Morning Coffee 8

The news got the amount of snow right, but the day wrong. Instead of hitting yesterday morning, the storm hit yesterday at rush hour. My boss declared today the “1st Annual Architect Work From Home Day” even though we’ve already had several weather-induced work from home days this winter.

  • Growing up in Northern VA, when we got snow it was fairly consistent. If there was about four inches at my house, everyone had about four inches. Here, it seems like there’s much more variance. My teammate Buzz who lives only 15 minutes from me (when it’s not snowing) said he had 10″ of snow while I have about half that.
  • Speaking of Northern VA, the last few winters have been easy on us but hard on my parents who still live in McLean. This year seems to be the opposite. The forecast for McLean today is only 45, but it’s supposed to get up to 65 by the weekend.
  • As it turns out, my parents are in the Bahamas right now anyway, so while I make a snowman with my kids today, they’re probably on the beach!
  • I almost didn’t make it home yesterday as I was trying to get my STS working with CardSpace. I have WCS working in a direct client-to-service scenario, but not federated with an STS. I probably would have stayed there all night saying “just one more config tweak, and I’m sure it will work” if I had gotten snowed in.
  • Speaking of WCS, check out Kevin’s screencast on extending ASP.NET’s built in SQL membership provider to support WCS. And Garrett published a WCS security token processor for .NET 1.1 and 2.0 a couple of months ago. So you can use WCS on your website, even if you don’t have .NET 3.0 on your server. Pretty cool.
  • My old teammate John doesn’t like the JBOWS acronym. I agree with John that defining a “proper” SOA is a waste of time best left to SOAholes. But web services != SOA. It makes sense to me to distinguish between an architecture where the business and IT levels rely on independent capabilities and services, versus using web services as the protocol between tiers of a distributed application and hoping that you’ll be able to integrate in the future.

More WCS Docs Please

I love me some CardSpace, but I sure wish there was better documentation on how to use it, especially from WCF. The current documentation is very conceptual, so you really only have the samples to go on, which sucks, not to put too fine a point on it.

One example shows how to use WCS with WCF’s wsHttpBinding. However, it turns out you can also use WCS with WCF’s wsFederationHttpBinding. I’ve been experimenting with that binding talking to an STS, and it’s never invoked the WCS UI before. Why does this example invoke WCS? I’m guessing because it doesn’t specify an issuer in the config file, but I’d need to see documentation to be sure.

Also, using the federation binding appears to be the only way to request/demand additional claims beyond the Private Personal Identifier (aka the PPID). If you want the client’s email address, name, address, etc., you need to specify that via the claimTypeRequirements element under the binding’s security/message element. But that configuration isn’t valid for the wsHttp binding. Why?

Finally, the two bindings produce different results on the security token. Using wsHttp, you get three claims: RSA Identity, RSA Possess Property and PPID Possess Property. When using wsFederationHttp, you get Hash Possess Property and PPID Possess Property (plus the claims you request). What happened to the RSA claims? If you attempt to add RSA to the claimTypeRequirements, CardSpace throws an error as an invalid request. Again, why? Keith Brown recently wrote about how to use the RSA claim, so it sounds like a valuable piece of information to have. How come the federation binding doesn’t send it?
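The two bindings side by side, as an added example that is not from the original post or from any WCF sample: the wsFederationHttpBinding built in code with the same claim list the config’s claimTypeRequirements element would carry, the wsHttpBinding IssuedToken setup for comparison, and a service-side check that pairs the PPID with the card’s RSA key instead of trusting the PPID on its own (a PPID is only unique per issuing key, so the same string from a different card is a different user). One knob worth knowing about the missing RSA claims: wsFederationHttpBinding defaults issuedKeyType to SymmetricKey, and a symmetric proof key surfaces on the token as the Hash claim; asking for AsymmetricKey is how the card’s RSA key shows up as RSA claims instead. The self-issuer address, the optional email/given-name claims, the C# 2.0-style code for .NET 3.0 and the hashing of the key into a user id are my choices, not anything the post prescribes.

```csharp
// Added example, not code from the post. Assumes .NET 3.0 System.ServiceModel
// and System.IdentityModel; the service contract and addresses are not shown.
using System;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;

static class CardSpaceBindings
{
    // Well-known issuer URI for self-issued (personal) cards.
    const string SelfIssuer = "http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self";

    // Code equivalent of a <wsFederationHttpBinding> with <security mode="Message">
    // <message ...><claimTypeRequirements>...</claimTypeRequirements><issuer .../></message>.
    public static WSFederationHttpBinding CreateFederationBinding()
    {
        WSFederationHttpBinding binding =
            new WSFederationHttpBinding(WSFederationHttpSecurityMode.Message);
        FederatedMessageSecurityOverHttp msg = binding.Security.Message;

        msg.IssuedTokenType = "urn:oasis:names:tc:SAML:1.0:assertion";
        // SymmetricKey is the default and yields a Hash claim on the token;
        // an asymmetric proof key is what makes the card's RSA claims appear.
        msg.IssuedKeyType = SecurityKeyType.AsymmetricKey;
        msg.NegotiateServiceCredential = false;
        msg.IssuerAddress = new EndpointAddress(SelfIssuer);

        // Required claims must exist on the card for it to be selectable;
        // optional ones are sent only if the chosen card carries them.
        msg.ClaimTypeRequirements.Add(new ClaimTypeRequirement(ClaimTypes.PPID));
        msg.ClaimTypeRequirements.Add(new ClaimTypeRequirement(ClaimTypes.Email, true));
        msg.ClaimTypeRequirements.Add(new ClaimTypeRequirement(ClaimTypes.GivenName, true));
        return binding;
    }

    // wsHttpBinding variant: IssuedToken credentials, no claim list, PPID only.
    public static WSHttpBinding CreateWsHttpBinding()
    {
        WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken;
        return binding;
    }
}

static class CardSpaceIdentity
{
    // Derive a stable user id from (PPID, card signing key). The RSA key of the
    // card that signed the SAML token lives on the Issuer claim set, which is why
    // the post sees RSA claims alongside the PPID with an asymmetric proof key.
    public static string GetStableUserId(AuthorizationContext ctx)
    {
        string ppid = null;
        RSA cardKey = null;
        foreach (ClaimSet cs in ctx.ClaimSets)
        {
            foreach (Claim c in cs.FindClaims(ClaimTypes.PPID, Rights.PossessProperty))
                ppid = (string)c.Resource;
            if (cs.Issuer != null)
                foreach (Claim c in cs.Issuer.FindClaims(ClaimTypes.Rsa, Rights.PossessProperty))
                    cardKey = (RSA)c.Resource;
        }
        if (ppid == null || cardKey == null)
            throw new SecurityAccessDeniedException("token lacks a PPID or an RSA signing key");

        // Fingerprint the public key (modulus || exponent) and bind it to the PPID,
        // so a token carrying the same PPID but signed by another key is a different user.
        RSAParameters p = cardKey.ExportParameters(false);
        byte[] keyBytes = new byte[p.Modulus.Length + p.Exponent.Length];
        Buffer.BlockCopy(p.Modulus, 0, keyBytes, 0, p.Modulus.Length);
        Buffer.BlockCopy(p.Exponent, 0, keyBytes, p.Modulus.Length, p.Exponent.Length);
        using (SHA256 sha = SHA256.Create())
            return ppid + "|" + Convert.ToBase64String(sha.ComputeHash(keyBytes));
    }
}
```

Inside a service operation, call GetStableUserId with OperationContext.Current.ServiceSecurityContext.AuthorizationContext and key your user records on the returned string. Note that ClaimTypes.Rsa belongs in the service-side check, not in the client’s claim requirements, which matches the post’s observation that CardSpace rejects RSA as a requested claim type.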