When I first saw the Turnkey Security Scenarios in WSE3, I was a bit skeptical as I thought it was more wizards. I hate wizards. I have now seen the light, thanks to Sidd Shenoy's awesome WSE 3.0 Policy presentation that is online.
Policy is just so completely different in WSE3 than it was in WSE2. I'm used to things related to Web Services being a little confusing, so I accepted the tangled mess of WSE2 policy and just made myself learn it, though I know I only scratched the surface.
But it wasn't me - it *was* confusing and they have completely revised it, though for a number of reasons in addition to its complexity. There are a bunch of significant differences. First for me is that policies are no longer defined by endpoints. One side benefit is that the mystical problem of a case-sensitive endpoint being altered somewhere along the wire and then not working will disappear. I had this happen when one of the domain servers on our network was shutdown. Made no sense. Now policies have names and you explicitly apply them in code (on the client side) or declaritively (in your web service).
Policies are very cleanly structured XM and a whole heck of alot easier to read than in WSE2! A policy contains assertions. Each assertion contains a set of filters - actions to be taken on messages that are either outgoing from the client, incoming to the client, outgoing from the service or incoming from the service. In WSE2, we had to define these actions very granularly and the rules for requests and responses were totally unrelated. You had to consider very carefully what you wanted to do so that you chose the correct optoins to create a policy file. Now, rather than writing these rules separately, we write them as a group - defined by the full round trip scenario. And because of that, it makes perfect sense that there are a bunch of very common scenarios that will cover most needs of most businesses. And those common scenarios have been precomposed for us.
And that's why I have seen the light and now realize that the Turnkey Security Scenarios are goodness!
For more details on WSE3, you can watch the presentation videos from the Spring 2005 SDR, read Mark Fussell's WSE3 overview article or just download the SDK and get working on it!