How will WSE 2 clients interop with WSE 1 services which require UsernameToken and X509SecurityToken? Will it work, or am I required to upgrade my service as well?

WSE 1.0 and WSE 2.0 do not interop today using WS-Security: WSE 1.0 uses the 2002/07/secext namespace and WSE 2.0 uses 2002/12/secext (or an early draft of the OASIS WSS specification). Generally, you will have to upgrade your clients and servers in sync, or use different endpoints for different clients.

This is the nature of WSE: we move as fast as we can to track the latest changes to the specifications and provide advanced functionality. Between major releases of the product we make breaking changes both at the API level and the wire level.

Sorry for asking a question here that is not related to the content of the post at all... Maybe it would be good if you provided a seperate method on your homepage where we could ask questions directly?

Ok, here is the question: Could you please comment on gzip compression for the http transport? There are a number of implementations out in the wild, do you intend to integrate that at some point into the platform? It would be fantastic if you could also comment on gzip compression for the request message, not only for the response. Thanks a lot!

Oh, and one more point (again not related...): One is required to provide an email adress to post to the comment, which is fine. But then that email appears on the public site, which will eventually lead to some spammers finding it. Maybe you could provide an option so that one doesn't have to disclose once email to the public if one wants to post?

David, regarding e-mail addresses - if you enter a URL then the comments will contain that not your e-mail address. Alternatively you can do what you have been doing and use a "nospam" address.

Hervey, What's the magic to switch on "OASIS WSS" mode in WSE 2.0 Tech Preview?