I am wondering, if it is possible to use encrypted webservices in WP7, that do not rely on HTTPS for encryption? Can WP7 support the ws-security standards for encrypted SAML based XML messages, which are used in SOAP webservices?

In general, SOAP and REST are supported in WP7. JSON can be used to some extend. They all can be used encrypted with HTTPS using SSL/TLS. However I’m asking myself if its possible to encrypt the SAML messages in SOAP, so that the payload is encrypted without using HTTPS. So far this is possible using the ws-security standards.

ws-security relies on x509 certificates, which as far as I can tell, are only supported up to a certain degree in WP7. I can add certificates and trust them, either via mail or webbrowser. But I cannot use them inside my applications to enable secured connections or even authentication through certificates.

I would be really thankful, if you could provide me with links or example code for proof 🙂

Edit: I forgot some of the links for tutorials and tips I already read:

• Encrypting SOAP Messages Using Web Services Enhancements – Outdated, Year 2003, but comes close to what I’m looking for, with Code Examples. But WP7 features only a subset of the used namespaces…
• Authentication in WP7 client with REST Services–Part II – This is just for authentication and REST services
• Claims Based Identity & Access Control Guide – Again Access control and identity
• Using the ASP.NET Membership Provider and Authentication Service from Windows Phone 7 – again only authentication
• Windows Phone 7 and WS-Trust – ws-trust is also only a subset of ws-security. It’s getting closer, but it relies on Identity Training Kit to WP7. I thought of something that does not require any external libraries
• How to get SAML token from ADFS 2.0 – ends up in the link from above
• Networking in Silverlight for Windows Phone – general information on networking and possible methods for calling methods over network