William Tay has come across a scenario which is supported in WSE 2.0 but not in WCF (Windows Communication Foundation). It has got to do with encrypting entire SOAP message bodies as opposed to individual elements within the payload. You should refer to William’s blog post for more background.
Unfortunately I can’t use Indigo at the moment with the build of Visual Studio 2005 that I am running to see if I can workaround the issue but I am going to assume there isn’t one – so this is more of a discussion of the pros and cons of supporting such a feature in WCF.
William doesn’t try to make a case for performance, but he does point out that only encrypting a portion of the soap:Body can reduce payload size. On smaller messages this optimisation would have less of a relative impact because the WS-Security headers that get placed in soap:Header element. On larger messages however the xenc:Encrypted data element can blow out the message size quite dramatically so you need to do the math and figure out where this sweet spot is for your particular message.
My question is – where do you apply meta-data to make this optimisation? It doesn’t feel right putting it on a DataContract – those should be somewhat abstracted from this transport level optimisation. So what about on a MessageContract? It is probably the right level in the abstraction to factor something like that in – but if you forced anyone to go any deeper it might be a case of a leaky abstraction.