Hi RBisch,
In spite of the OS or protocal related security means, such as integrated
windows
or using SSL, the WSE make use of the WS-SECURITY which is a standared soap
message based
security framework. In fact , it is a certain SoapExtension based on the
asp.net webservice fundamental.
we can speicfy credential tokens or encrypt the soap message's certain part
(some elements) by the provided interfaces.
And as for the role-based, this is the .net framework's code access
feature, we can also integrated it in our serverside code(define our own
roles and do checking in code level(via declared attributes) or manually
checking in code at runtime. provide a article disussing on
the WSE andWS-SECURITY
#WS-Security and WSE
http://www.sys-con.com/dotnet/articleprint.cfm?id=300
Also, I think the deployment won't be the problem since all the WSE is also
published as some managed assemblies which can be deployed together with
your webservice assemblies and resources.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)