I'll put aside the SODA vs. Web Application issue and first concentrate on how to create a new application in HealthVault. There are some instructions
here, but they are getting a little dated. You can create new applications directly in a self service web page bypassing Application Manager completely. Navigate to
https://config.healthvault-ppe.com, login and create your application. Upload your public key and your application is live in the Pre-Production Site (PPE).
Now I'll talk a little about SODA vs. Web Applications:
Soda (Software on Device Architecture -- a bit of a stretch in the acronym department) applications are meant to run on devices such as PCs, mobile phones, whatever. Typically, these applications service a small number of users and quite often just
a single user. The applications are identified via a shared secret and do not use PKI. The user must log into HealthVault a single time to authorize the application. Soda applications must then query HealthVault for their authorized users
and/or store the users ids locally. Authorization happens out of band from the application.
When creating a SODA application in HealthVault, first a SODA master application must be registered via https://config.healthvault-ppe.com. This application is never directly authorized, but serves as a configuration repository for all SODA applications
created from it. Each SODA application on each device will have it's own distinct application identifier.
Web Applications typically serve N users. They authenticate themselves with HealthVault via PKI. Users interact with HealthVault and the Web Application interactively--online. Online access means the application is authenticated and possesses
an authentication token, and the user has authenticated to HV and their authentication token has been forwarded to the Web Application. The two authentication tokens together allow the Web Application to access the user's data.
If the Web Application has been authorized for offline mode, the application does not need to present a user's authentication token to HV and instead simply provides the user's person-id.
I hope this helps,