I'm back...
Ok, I admit I've been slippin' with the whole weblog as of late. I was pretty busy for the better part of last month putting together our first web service which went live just about a week ago. I called it the Mimeo Simple Order Request (SOR) API. It exposes only a small subset of what is truly capable within our system's internals. As the name suggests, the API enables authorized accounts to place simple orders with our system and query the status and package tracking information of those orders. This project came around rather quickly and needed to be finished in a short amount of time. I literally had the WSDL and XML Schema for the project done in about two days, with only minor tweaks over the course of the next two weeks. We used ASP.NET, of course, coupled with the WSE SDK for the implementation. The WSE SDK was leveraged mainly for its implementation of WS-Security, although some of the other features (e.g. tracing) also came in quite handy. I chose WS-Security over a custom authentication scheme because I wanted a standard that I could just point developers from other companies at when they need to write clients to communicate with the service. Plus, why re-invent the wheel?
It was a super smooth experience. There's one thing that I just have to make a point of and that's that I completely agree with the whole "WSDL First!" movement. The best thing to do is forget about (ASP).NET when you're designing the API and think in terms of pure XML messaging. Once you've got that nailed down, then you can worry about how it maps into (ASP).NET.