I'm still thinking about the Turnkey Security Scenarios I saw demonstrated by Mark Fussell at TechEd as part of the WSE3* overview. Mark is the Program Manager on the WSE team at Microsoft. I guess I had really gotten used to policy and coding it up (though hardly by hand and I haven't done any of the insane interop stuff that Michele Leroux Bustmante, John Bristowe and others get into). I look at these scenerios as too canned and wizard-y for me, but suppose that they are intended to make a big difference in terms of ease of adoption for WSE3. So I will be spending a LOT of time with WSE3 very soon. I have an article and a presentation to prepare - both good tools to be sure I have committed myself to working with something that I want and need to learn! (Aha! - now you know my secret.) I used to be afraid of WSE and therefore have been adamant about trying to show people that it is NOT scary and is an incredibly valuable tool, most especially for security.
You can read some info on the Turnkey assertions as well as what else is new in WSE3 in the release notes here. There is much more detailed information in the documentation that is installed with the SDK.
*WSE3= Web Services Enhancements 3.0 [Community Technical Preview]. WSE3 is an API for Visual Studio 2005 which enables developers to implement many of the WS-* specifications in their applications without having to type lots of nasty angle brackets.