Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption

Add To My Wish List

Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption

By Jothy Rosenberg, David Remy
Published May 12, 2004 by Sams.
- Copyright 2004
- Dimensions: Special (all other)
- Pages: 408
- Edition: 1st
- Book
- ISBN-10: 0-672-32651-5
- ISBN-13: 978-0-672-32651-6

Description

Downloads

Extras

Sample Content

Updates

The most up to date, comprehensive, and practical guide to Web services security, and the first to cover the final release of new standards SAML 1.1 and WS-Security.

Comprehensive coverage and practical examples of the industry standards XML Signature and XML Encryption, and the first book to cover the final WS-Security and SAML 1.1 specifications.
Authors Jothy Rosenberg and David Remy are security experts who co-founded GeoTrust, the #2 Web site certificate authority and currently work for Service Integrity and BEA Systems, respectively.
According to IBM, American Express, Sun Microsystems, and other industry leaders, well-defined security standards and procedures are a crucial element to the adoption of web services in industry.

Downloads

All the code for the book in one file for download - 3,456 kb -- code.zip

Visit the author's Web site for a .NET Web service example:
http://www.serviceintegrity.com/products/pdf/downloadNET.html

Web Resources

Co-author Jothy Rosenberg has created six 20-minute lessons that walk you through the new security problems that Web services create and teach you how to monitor and enforce security policy.

View Lesson

Online Sample Chapters

The Foundations of Distributed Message-Level Security

Forewords.

Introduction.

Who This Book Is For. About This Book. How This Book Is Organized.

1. Basic Concepts of Web Services Security.

Web Services Basics: XML, SOAP, and WSDL. Application Integration. Security Basics. Web Services Security Basics. Summary.

2. The Foundations of Web Services.

The Gestalt of Web Services. XML: Meta-Language for Data-Oriented Interchange. SOAP: XML Messaging and Remote Application Access. WSDL: Schema for XML/SOAP Objects and Interfaces. UDDI: Publishing and Discovering Web Services. ebXML and RosettaNet: Alternative Technologies for Web Services. The Web Services Security Specifications. Summary.

3. The Foundations of Distributed Message-Level Security.

The Challenges of Information Security for Web Services. Shared Key Technologies. Public Key Technologies. Summary.

4. Safeguarding the Identity and Integrity of XML Messages.

Introduction To and Motivation for XML Signature. XML Signature Fundamentals. XML Signature Structure. XML Signature Processing. The XML Signature Elements. Security Strategies for XML Signature. Summary.

5. Ensuring Confidentiality of XML Messages.

Introduction to and Motivation for XML Encryption. XML Encryption Fundamentals. XML Encryption Structure. XML Encryption Processing. Using XML Encryption and XML Signature Together. Summary.

6. Portable Identity, Authentication, and Authorization.

Introduction to and Motivation for SAML. How SAML Works. Using SAML with WS-Security. Applying SAML: Project Liberty. Summary.

7. Building Security into SOAP.

Introduction to and Motivation for WS-Security. Extending SOAP with Security. Security Tokens in WS-Security. Providing Confidentiality: XML Encryption in WS-Security. Providing Integrity: XML Signature in WS-Security. Message Time Stamps. Summary.

8. Communicating Security Policy.

WS-Policy. The WS-Policy Framework. WS-SecurityPolicy. Summary.

9. Trust, Access Control, and Rights for Web Services.

The WS-* Family of Security Specifications. XML Key Management Specification (XKMS). eXtensible Access Control Markup Language (XACML) Specification. eXtensible Rights Markup Language (XrML) Management Specification. Summary.

10. Building a Secure Web Service Using BEA's WebLogic Workshop.

Security Layer Walkthrough. WebLogic Workshop Web Service Walkthrough. Summary.

Appendix A. Security, Cryptography, and Protocol Background Material.

The SSL Protocol. Testing for Primality. RSA Cryptography. DSA Digital Signature Algorithms. Block Cipher Processing. DES Encryption Algorithm. AES Encryption Algorithm. Hashing Details and Requirements. SHA1. Silvio Micali's Fast Validation/Revocation. Canonicalization of Messages for Digital Signature Manifests. Base-64 Encoding. PGP.

Glossary.

Index.

Errata

Note: You will need the Free Adobe Acrobat Reader to view the file(s) for the book. If you do not already have Acrobat installed on your machine, click the "Get Acrobat Reader" button to download and install.

Click on the links below to display the PDF file in a new window. Right-click on the link and select Save As if you want to download it to your hard drive.

0672326515errata.pdf (18 KB)

Book ~~$49.99~~ $44.99

Usually ships in 24 hours.

This book includes Instant Online Access with Safari and free shipping!

Instant Online Access with Safari Books Online

With your book purchase you are entitled to free, instant online access to that book on Safari Books Online for 45 days. After you've completed your purchase, you will receive instructions on how to log into Safari Books Online. If you do not want to receive online access to the book, simply uncheck the box for Instant Online Access in your cart.

Save more by becoming a member.
Request an Instructor or Media review copy.
Corporate, Academic, and Employee Purchases
International Buying Options

What is this?

Online access to books, videos, and tutorials from Addison Wesley, Prentice Hall, Cisco Press, IBM Press, O'Reilly Media and others - starting as low as $22.99. Learn more and start a free trial.

Other Things You Might Like

	JavaScript by Example, Rough Cuts, 2nd Edition By Ellie Quigley Feb 5, 2010 $35.99
	Cryptography and Network Security: Principles and Practice, 5th Edition By William Stallings Jan 14, 2010 $97.20
	Implementing SOA Using Java EE By B.V. Kumar, Prakash Narayan, Tony Ng Dec 23, 2009 $49.49