Chris Keyser just published an article on MSDN called "Managing Security Context Tokens in a Web Farm". Much needed information and one I'm personally very interested in.

I do have to ask one thing... does anyone have any sort of metrics or whatever for when it might be useful to implement such an optimization? (I guess the question rather goes all the way to the use of WS-SecureConversation, and not just plain WS-Security).

I ask this because in our current system (which currently hosts several webservices, though they don't currently use WSE), our current interaction pattern is where the front end system (out of our control, a workflow application, basically, but there are at least two other applications that could be in their position) does a bunch of requests to a few services on behalk of an end user (which we don't authenticate, that's their problem). There's no "conversation" per se, just a bunch of calls that might, or might not be related to each other (and there's actually no need for them all to be called, that depends on what you want to do). I'm just wondering if it would be a possible scenario...

Tomas Restrepo

Software developer located in Colombia. Sr. PFE at Microsoft.