Chapter 1. SOA requires new approaches to security
Chapter 2. Getting started with web services
Chapter 3. Extending SOAP for security
Figure 3.10. Headers are often utilized to enable common services such as security and billing.
Chapter 4. Claiming and verifying identity with passwords
Figure 4.6. Sequence diagram showing the inner workings of JAAS.
Figure 4.7. Overview of the server-side implementation
Figure 4.8. Authentication with password digests
Figure 4.9. Overview of a username/password digest-based authentication scheme.
Chapter 5. Secure authentication with Kerberos
Figure 5.4. A KDC can act as a “broker” that supplies a session key.
Figure 5.5. Refinement of the KDC idea.
Figure 5.9. Overview of the implementation of a Kerberos-based authentication scheme
Chapter 6. Protecting confidentiality of messages using encryption
Chapter 7. Using digital signatures
Figure 7.7. High-level overview of an XML signature used to protect the integrity of a SOAP message.
Chapter 8. Implementing security as a service
Chapter 9. Codifying security policies
Figure 9.3. Use of security policies at runtime to achieve interoperability between any two parties.
Figure 9.11. Sample interaction that satisfies the SymmetricBinding assertion shown in listing 9.6.
Figure 9.12. Sample interaction that matches the AsymmetricBinding assertion shown in listing 9.7
Chapter 10. Designing SOA security for a real-world enterprise
Figure 10.15. Example deployment architecture for securing services offered to the public.
Appendix A. Limitations of Apache Axis
Appendix D. Securing SAML assertions
Appendix E. Application-Oriented Networking (AON)