Mastering Web Services Security

Edition: 1

ISBN: 9780471267164, 0-471-26716-3

Size: 3 MB (3593945 bytes)

Pages: 463/463

Authors: Bret Hartman, Donald J. Flinn, Konstantin Beznosov, Shirley Kawamoto

* Uncovers the steps software architects and developers will need to take in order to plan and build a real-world, secure Web services system
* Authors are leading security experts involved in developing the standards for XML and Web services security
* Focuses on XML-based security and presents code examples based on popular EJB and .NET application servers
* Explains how to handle difficult-to-solve problems such as passing user credentials and controlling delegation of those credentials across multiple applications
* Companion Web site includes the source code from the book as well as additional examples and product information

Table of contents :
Mastering Web Services Security
Cover
Copyright
Acknowledgments
Foreword
Contents
Introduction
Overview of the Book and Technology
How This Book Is Organized
Who Should Read This Book
Summary
CHAPTER 1 Overview of Web Services Security
Web Services Overview
Web Services Architecture
Security as an Enabler for Web Services Applications
New Security Responsibilities
Risk Management Holds the Key
Information Security: A Proven Concern
Securing Web Services
Web Services Security Requirements
Providing Security for Web Services
Unifying Web Services Security
EASI Requirements
EASI Solutions
EASI Framework
EASI Benefits
Business Scenario
Scenario Security Requirements
Summary
Distributed Computing
Distributed Processing across the Web
Web Services Pros and Cons
Extensible Markup Language
Supporting Concepts
SOAP
SOAP Message Processing
Message Format
SOAP Features
SOAP Usage Scenarios
Universal Description Discovery and Integration
WSDL
Other Activities
Other Standards
Summary
CHAPTER 3 Getting Started with Web Services Security
Security Fundamentals
Cryptography
Authentication
Authorization
Walk-Through of a Simple Example
Example Description
Security Features
Limitations
Summary
Public Key Algorithms
Encryption
Digital Signatures
Public Key Certificates
Certificate Format
Public Key Infrastructure
XML Encryption
XML Signature
WS-Security
Functionality
Example
Summary
CHAPTER 5 Security Assertion Markup Language
What Is SAML?
How SAML Is Used
the SAML Specification
Security Problems Solved by SAML
A First Detailed Look at SAML
Common Portion of an Assertion
Statements
SAML Protocols
SAML Request
SAML Response
Profiles
Shibboleth
Privacy
Single Sign-on
WS-Security
Summary
Web Services Example
Authentication Requirements
Options for Authentication in Web Services
System Characteristics
Authentication for ePortal and eBusiness
Data Protection Requirements
Options for Data Protection in Web Services
System Characteristics
Authorization Requirements
Options for Authorization in Web Services
System Characteristics
eBusiness Authorization
Summary
CHAPTER 7 Security of Infrastructures for Web Services
Security and the Client/Server Paradigm
Security and the Object Paradigm
What All Middleware Security Is About
TSS, and Secure Channel
How Middleware Systems Implement Security
Distributed Security Administration
Enforcing Fine-Grained Security
CORBA
How CORBA Works
TSS, and Secure Channel
Implementation of Security Functions
Administration
Enforcing Fine-Grained Security
How COM+ Works
TSS, and Secure Channel
Implementation of Security Functions
Administration
Enforcing Fine-Grained Security
.NET Framework
How .NET Works
.NET Security
J2EE
How EJB Works
TSS, and Secure Channel
Implementation of Security functions
Administration
Enforcing Fine-Grained Security
Summary
IIS Security Mechanisms
Authentication
Protecting Data in Transit
Logging
Creating Web Services with Microsoft Technologies
Creating Web Services out of COM+ Components
Components Using SOAP Toolkit
Creating Web Services with .NET Remoting
Creating Web Services Using ASP.NET
Implementing Access to eBusiness with ASP.NET Web Services
Authentication
Data Protection
Access Control
Audit
Securing Access to eBusiness
Summary
CHAPTER 9 Securing Java Web Services
Using Java with Web Services
Traditional Java Security Contrasted with Web Services Security
Data Protection
How SAML Is Used with Java
JSR Compliance
Authentication
Java Tools Available for Web Services
Sun FORTE and JWSDP
IBM WebSphere and Web Services Toolkit
Systinet WASP
Example Using WASP
Example Using JWSDP
Summary
CHAPTER 10 Interoperability of Web Services Security Technologies
The Security Interoperability Problem
Between Security Tiers
Layered Security
Perimeter Security
Mid-Tier
Authentication
Security Attributes
Authorization
Maintaining the Security Context
Handling Delegation in Web Services
Client Use of EASI
Securing the Example
Framework Authentication
Framework Authorization
Example Using JWSDP
What Problems Should an EASI Framework Solve?
Making Third-Party Security Products Work Together
Federation
Liberty Alliance
Summary
Introducing Security Administration
The Security Administration Problem
Administering Access Control and Related Policies
Using Attributes Wisely
Taking Advantage of Role-Based Access Control
Delegation
Authentication Administration
How Rich Does Security Policy Need to Be?
Administering Data Protection
Administration Play Well Together
Summary
CHAPTER 12 Planning and Building a Secure Web Services Architecture
Security Must Be In Place
What Is Security?
Building Trustworthy Systems
Security Evolution-Losing Control
EASI Principles for Web Services
Security Architecture Principles
Security Policy Principles
Determining Requirements
ePortal Security Requirements
eBusiness Security Requirements
Nonfunctional Requirements
Overview of ePortal and eBusiness Security Architectures
Applying EASI
ePortal EASI Framework
Addressing ePortal Requirements
eBusiness EASI Framework
Addressing eBusiness Requirements
Deploying Security
Perimeter Security
Mid-Tier Security
Back-Office Security
Self-Administration
Large-Scale Administration
Storing Security Policy Data
Security Gotchas at the System Architecture Level
Performance
Summary
Glossary
References
