0%

Book Description

SOA is one of the latest technologies enterprises are using to tame their software costs - in development, deployment, and management. SOA makes integration easy, helping enterprises not only better utilize their existing investments in applications and infrastructure, but also open up new business opportunities. However, one of the big stumbling blocks in executing SOA is security. This book addresses Security in SOA with detailed examples illustrating the theory, industry standards and best practices. It is true that security is important in any system. SOA brings in additional security concerns as well rising out of the very openness that makes it attractive. If we apply security principles blindly, we shut ourselves of the benefits of SOA. Therefore, we need to understand which security models and techniques are right for SOA. This book provides such an understanding.
Usually, security is seen as an esoteric topic that is better left to experts. While it is true that security requires expert attention, everybody, including software developers, designers, architects, IT administrators and managers need to do tasks that require very good understanding of security topics. Fortunately, traditional security techniques have been around long enough for people to understand and apply them in practice. This, however, is not the case with SOA Security. Anyone seeking to implement SOA Security is today forced to dig through a maze of inter-dependent specifications and API docs that assume a lot of prior experience on the part of readers. Getting started on a project is hence proving to be a huge challenge to practitioners. This book seeks to change that. It provides bottom-up understanding of security techniques appropriate for use in SOA without assuming any prior familiarity with security topics on the part of the reader. Unlike most other books about SOA that merely describe the standards, this book helps you get started immediately by walking you through sample code that illustrates how real life problems can be solved using the techniques and best practices described in standards. Whereas standards discuss all possible variations of each security technique, this book focusses on the 20% of variations that are used 80% of the time. This keeps the material covered in the book simple as well as self-sufficient for all readers except the most advanced.

Table of Contents

  1. Copyright
  2. Dedication
  3. Brief Table of Contents
  4. Table of Contents
  5. Preface
  6. Acknowledgments
  7. About this Book
  8. Part I. SOA basics
  9. Chapter 1. SOA requires new approaches to security
  10. Chapter 2. Getting started with web services
  11. Chapter 3. Extending SOAP for security
  12. Part II. Building blocks of SOA security
  13. Chapter 4. Claiming and verifying identity with passwords
  14. Chapter 5. Secure authentication with Kerberos
  15. Chapter 6. Protecting confidentiality of messages using encryption
  16. Chapter 7. Using digital signatures
  17. Part III. Enterprise SOA security
  18. Chapter 8. Implementing security as a service
  19. Chapter 9. Codifying security policies
  20. Chapter 10. Designing SOA security for a real-world enterprise
  21. Appendix A. Limitations of Apache Axis
  22. Appendix B. WS-SecureConversation
  23. Appendix C. Attaching and securing binary data in SOAP
  24. Appendix D. Securing SAML assertions
  25. Appendix E. Application-Oriented Networking (AON)
  26. Index
  27. List of Figures
  28. List of Tables
  29. List of Listings
3.145.35.247