Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption

Jothy Rosenberg, David Remy0672326515, 9780672326516, 9780768663549

You know how to build Web service applications using XML, SOAP, and WSDL, but can you ensure that those applications are secure? Standards development groups such as OASIS and W3C have released several specifications designed to provide security – but how do you combine them in working applications? «Securing Web Services with WS-Security» will help you take your Web services securely to production, with insight into the latest security standards including – WS-Security, a model that defines how to put security specifications into practice – XML Encryption to ensure confidentiality – XML Signature to ensure data integrity – Security Assertion Markup Language (SAML) to authenticate and authorize users – WS-Policy to set policies across trust domains Jothy Rosenberg and David Remy, both business, technology, and security visionaries, demystify these standards with practical examples including a fully developed case study application showing these tools at work. A pragmatic approach is taken showing which Web Services Security standards are needed when faced with a variety of security challenges. The authors understand that security remains one of the largest remaining impediments to deploying major Web services in business-critical situations. The goal of this book is to begin to remove those impediments by providing a detailed understanding of all the available security technologies and how and when to employ them.