book

Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management

Name: Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management
ISBN: 0131463071

by Christopher Steel, Ramesh Nagappan, Ray Lai

October 2005

Intermediate to advanced

1088 pages

24h 19m

English

Pearson

Read now

Unlock full access

Copyright
Dedication
Praise for Core Security Patterns
Prentice Hall Core Series
Foreword
Foreword
Preface
What This Book Is AboutWhat This Book Is NotWho Should Read This Book?How This Book Is OrganizedPart I: IntroductionChapter 1: Security by DefaultChapter 2: Basics of SecurityPart II: Java Security Architecture and TechnologiesChapter 3: The Java 2 Platform SecurityChapter 4: Java Extensible Security Architecture and APIsChapter 5: J2EE Security ArchitecturePart III: Web Services Security and Identity ManagementChapter 6: Web Services Security–Standards and TechnologiesChapter 7: Identity Management–Standards and TechnologiesPart IV: Security Design Methodology, Patterns, and Reality ChecksChapter 8: The Alchemy of Security Design–Security Methodology, Patterns, and Reality ChecksPart V: Design Strategies and Best PracticesChapter 9: Securing the Web Tier–Design Strategies and Best PracticesChapter 10: Securing the Business Tier–Design Strategies and Best PracticesChapter 11: Securing Web Services–Design Strategies and Best PracticesChapter 12: Securing the Identity–Design Strategies and Best PracticesChapter 13: Secure Service Provisioning–Design Strategies and Best PracticesPart VI: Putting It All TogetherChapter 14: Building an End-to-End Security Architecture–Case StudyPart VII: Personal Identification Using Smart Cards and BiometricsChapter 15: Secure Personal Identification Using Smart Cards and BiometricsCompanion Web SiteFeedback
Acknowledgments
Chris SteelRamesh NagappanRay Lai
About the Authors
I. Introduction
1. Security by Default
Business Challenges Around SecurityWhat Are the Weakest Links?The Network ServicesThe Host Operating System (OS)The Application or ServiceThe Impact of Application SecurityCritical Application Security Flaws and ExploitsInput Validation FailuresOutput SanitationBuffer OverflowData Injection FlawCross-Site Scripting (XSS)Improper Error HandlingInsecure Data Transit or StorageWeak Session IdentifiersWeak Security TokensWeak Password ExploitsWeak EncryptionSession TheftInsecure Configuration DataBroken AuthenticationBroken Access ControlPolicy FailuresAudit and Logging FailuresDenial of Service (DOS) and Distributed DOS (DDOS)Man-in-the-Middle (MITM)Multiple Sign-On IssuesDeployment ProblemsCoding ProblemsThe Four W’sWhich Applications Are We Protecting?Who Are We Protecting the Applications From?Where Should We Protect Them?Why Are We Protecting Them?Strategies for Building Robust SecurityUnified Process for Security DesignDesign PatternsBest PracticesReality ChecksProactive AssessmentProfilingDefensive StrategiesRecovery and Continuity StrategiesProactive and Reactive SecurityThe Importance of Security ComplianceSarbanes-Oxley ActGramm-Leach-Bliley ActHIPPAThe Children’s Online Privacy Protection ActEU Directive on Data ProtectionCalifornia’s Notice of Security Breach (1798.29)Security Compliance in Other CountriesThe Importance of Identity ManagementIdentity Provisioning ServicesIdentity Data Synchronization ServicesAccess Management ServicesFederation ServicesDirectory ServicesAuditing and Reporting ServicesSecure Personal IdentificationPersonal Identification and AuthenticationSmart Card IdentityThe Role of Smart Cards in Personal IdentificationBiometric IdentityThe Role of Biometric Identity in Secure IdentificationRFID-Based IdentityThe Role of RFID in Secure IdentificationThe Importance of Java TechnologySecurity in the Java PlatformMaking Security a “Business Enabler”Case 1–Justifying Identity and Access ManagementCase 2–Justifying Proactive Security ApproachesAssumptionsCase 3–Justifying Security ComplianceSummaryReferences

2. Basics of Security
Security Requirements and GoalsConfidentialityIntegrityAuthenticationAuthorizationNon-RepudiationThe Role of Cryptography in SecurityCryptographic AlgorithmsOne-Way Hash Function AlgorithmsSymmetric CiphersAsymmetric CiphersDigital SignatureDigital CertificatesThe Role of CA in Issuing CertificatesThe Role of CA in Revocation of CertificatesUsing Certificate Revocation Lists (CRL)Using the Online Certificate Status Protocol (OCSP)The Role of Secure Sockets Layer (SSL)Transport Layer Security (TLS)Security Issues with SSL/TLSThe Importance and Role of LDAP in SecurityThe Role of LDAP in J2EECommon Challenges in CryptographyRandom Number GenerationKey ManagementCertificate Revocation IssuesTrust ModelsThreat ModelingIdentity ManagementSingle Sign-on (SSO)SSO through a PortalCross-Domain SSOHow It WorksFederated SSOCross-Domain FederationsSummaryReferences
II. Java Security Architecture and Technologies
3. The Java 2 Platform Security
Java Security ArchitectureThe Java Virtual Machine (JVM)The Java LanguageJava Built-in Security ModelJava 2 Security ModelJava Applet SecuritySigned AppletsJava Web Start SecurityJWS Security ModelJNLP Settings for SecurityJava Security Management ToolsJava KeystoreKeytoolSmart Cards and Cryptographic Devices Based KeystoresPolicytoolJarsignerSigning a JAR fileVerifying a Signed JARJ2ME Security ArchitectureJ2ME ConfigurationsCDCCLDCJ2ME ProfilesUnderstanding MIDP and MIDletsMIDlet SecurityTrusted MIDletsSigned MIDlet SuiteJava Card Security ArchitectureUnderstanding Smart CardsSmart Card ComponentsJava Card Technology in Smart CardsJava Card Runtime Environment and APIsJava Card Platform Security ModelJava Card AppletsJava Card Applet Development and InstallationJava Card Applet SecurityJava Card Development KitSecuring the Java CodeReverse Engineering: Disassembling and DecompilingCode ObfuscationSummaryReferences
4. Java Extensible Security Architecture and APIs
Java Extensible Security ArchitectureJava Cryptography Architecture (JCA)JCA Cryptographic ServicesJCA Cryptographic Service ProviderJCA Classes and InterfacesJCA Provider ClassesJCA Engine ClassesUnderstanding JCA API Programming ModelMessage DigestsComputing a Message Digest ObjectKey Pair GenerationDigital Signature GenerationJava Cryptographic Extensions (JCE)JCE Cryptographic Service ProviderJCE Classes and InterfacesJCE Provider classesJCE Engine classesUnderstanding the JCE API Programming ModelEncryption and DecryptionUsing Block CiphersUsing Stream CiphersSealed ObjectPassword-Based Encryption (PBE)Advanced Encryption Standard (AES)Computing Message Authentication Code (MAC) objectsUsing Key Agreement ProtocolsJCE Hardware Acceleration and Smart Card SupportInstalling PKCS#11Using Smart Cards as Java Key StoresConfiguring a Smart card as a Java KeystoreUsing Keytool and Jarsigner with Smart Card TokensStrong versus Unlimited Strength CryptographyJava Certification Path API (CertPath)Java CertPath–Classes and InterfacesJava CertPath API Programming ModelCreate a Certificate Chain Using CertPathValidate a Certificate Chain Using CertPathJava Secure Socket Extension (JSSE)JSSE Provider (SunJSSE)JSSE Classes and InterfacesUnderstanding the JSSE API Programming ModelSecure Socket Connection Using SSLJSSE Client-side CommunicationJSSE Server-side CommunicationMutual AuthenticationHTTP Over SSL (HTTPS) Using JSSESetting Timeouts in a URLConnectionProxy TunnelingHost Name Verification Using JSSESSLEngine and Non-Blocking I/OUsing the SSLEngineJava Authentication and Authorization Service (JAAS)JAAS Classes and InterfacesCommon ClassesAuthentication ClassesAuthorization ClassesUnderstanding the JAAS API Programming ModelJAAS AuthenticationImplementing a JAAS LoginModuleConfiguring JAAS LoginModule ProvidersConfiguring JAAS LoginModule for an applicationImplementing JAAS Authentication in a ClientJAAS AuthorizationImplementing JAAS AuthorizationSingle Sign-On (SSO) Using the JAAS Shared StateJava Generic Secure Services API (JGSS)Comparing JGSS with JSSE and JAASSimple Authentication and Security Layer (SASL)Java SASLJava SASL–API OverviewInstalling Java SASLClient MechanismsServer MechanismsSummaryReferences
5. J2EE Security Architecture
J2EE Architecture and Its Logical TiersJ2EE Security DefinitionsJ2EE Security InfrastructureJ2EE Container-Based SecurityDeclarative SecurityProgrammatic SecurityJ2EE AuthenticationContainer-Based AuthenticationHTTP Basic AuthenticationForm-Based AuthenticationClient/Server Mutual AuthenticationHTTP Digest AuthenticationApplication-Based AuthenticationAgent-Based AuthenticationProtection DomainsJ2EE AuthorizationDeclarative AuthorizationProgrammatic AuthorizationJava Authorization Contract for Client Containers (JACC)Transport Layer SecurityJ2EE Component/Tier-Level SecurityUsers, Groups, Roles, and RealmsWeb- or Presentation-Tier SecurityWeb-Tier Authentication MechanismsHTTP Basic AuthenticationForm-Based AuthenticationHTTP Basic or Form-Based Authentication over SSL (HTTPS)Client-Certificate or Mutual AuthenticationDigest AuthenticationUsing JAAS for Web-Tier AuthenticationSingle Sign-On Authentication for Web ApplicationsAgent-based Authentication for Web-Tier ApplicationsHTTP Session Tracking Using Cookies and URL RewritingCreating and Assessing an HTTP SessionExamining HTTP Session PropertiesInvalidating an HTTP SessionHTTP Session TimeoutWeb-Tier Authorization MechanismsSecurity Context and Access ControlDeclaring Security and Authorization ConstraintsWeb-Tier Programmatic AuthorizationJ2EE Client SecurityHTTPS ConnectionJAAS Client-Side CallbacksSecure J2ME ClientsEJB Tier or Business Component SecurityEJB Declarative AuthorizationEJB Programmatic AuthorizationAnonymous or Unprotected EJB ResourcesPrincipal Delegation in EJBsRun-AsSecurity Context Propagation from Web Tier to EJB TierEIS Integration Tier–OverviewSecuring J2EE Connector and EISEstablishing a Secure EIS ConnectionContainer-Managed Sign-OnComponent-Managed Sign-OnEIS Sign-On ProcessSecuring JMSJMS Provider AuthenticationAccess Control for JMS DestinationsJMS Transport SecuritySecuring JDBCJ2EE Architecture–Network TopologyDesigning for Security with Horizontal ScalabilityDesigning for Security with Vertical ScalabilityJ2EE Web Services Security–OverviewSummaryReferences
III. Web Services Security and Identity Management
6. Web Services Security–Standards and Technologies
Web Services Architecture and Its Building BlocksWeb Services Operational ModelCore Web Services StandardsExtensible Markup Language (XML)Simple Object Access Protocol (SOAP)Web Services Definition Language (WSDL)Universal Description, Discovery, and Integration (UDDI)Web Services Communication StylesRPC Style Web ServicesDocument Style Web ServicesWeb Services Security–Core IssuesWeb Services–Threats, Vulnerabilities, and RisksDenial of Service (DoS) / XML Denial of Service (XML-DoS)Man-in-the-MiddleMessage Injection and ManipulationSession Hijacking and TheftIdentity SpoofingMessage ConfidentialityReplay AttacksMessage Validation AbusesXML Schema TamperingWSDL and UDDI AttacksWeb Services Security RequirementsAuthenticationAuthorization and EntitlementAuditability and TraceabilityData IntegrityData ConfidentialityNon-repudiationAvailability and Service ContinuitySingle Sign-on and DelegationIdentity and Policy ManagementSecurity InteroperabilityWeb Services Security StandardsXML SignatureMotivation of XML SignatureThe Anatomy of XML SignatureRepresenting XML SignaturesRepresentation of XML Signature Structure and Elements<Signature><SignatureValue><SignedInfo><CanonicalizationMethod><SignatureMethod><Reference><Transforms><DigestMethod><DigestValue><KeyInfo><Object><Manifest><SignatureProperties>AlgorithmsSignature AlgorithmsCanonicalization AlgorithmsTransform AlgorithmsXML Signature ExamplesEnveloped SignatureEnveloping SignatureDetached SignatureCreating an XML SignatureVerifying and Validating an XML SignatureXML EncryptionMotivation of XML EncryptionThe Anatomy of XML EncryptionStructure of XML Encryption and Its Core Elements<EncryptedData><EncryptionMethod><ds:KeyInfo><CipherData><EncryptedKey><EncryptionProperties>XML Encryption AlgorithmsBlock EncryptionKey TransportKey AgreementSymmetric Key WrapMessage DigestMessage AuthenticationCanonicalizationXML Encryption: Example ScenariosXML Encryption: Element LevelXML Encryption: Element Content LevelXML Encryption: Element Content (Character Data)XML Encryption: Arbitrary ContentSuper Encryption: Encrypting the Encrypted DataXML Key Management System (XKMS)Motivation of XKMSXKMS Specification OverviewXML Key Information Services (X-KISS)X-KISS Locate ServiceX-KISS Validate ServiceXML Key Registration Service (X-KRSS)X-KRSS Key Registration ServiceX-KRSS Key Revocation ServiceX-KRSS Key Recovery ServiceX-KRSS Key Reissue ServiceX-BULKOASIS Web Services Security (WS-Security)Motivation of WS-SecurityWS-Security DefinitionsUsing Digital Signatures in WS-SecurityUsing Encryption in WS-SecurityUsing Security Tokens in WS-SecurityThe Role of SAML and REL in WS-SecurityWS-Security: The Anatomy of SOAP Message SecurityMessage Structure and Its Core ElementsNamespaces<wsse:Security><wsse:UsernameToken><wsse:BinarySecurityToken><saml:Assertion> and <r:license><wsse:SecurityTokenReference><ds:Signature><xenc:EncryptedData><xenc:EncryptedKey><wsu:TimeStamp>WS-I Basic Security ProfileJava-Based Web Services Security ProvidersSun JWSDPWS-Security in JWSDPJ2EE 1.4Sun Java System Access ManagerVeriSign TSIK and XKMS ServicesVeriSign XKMS ServicesRSA BSAFE Secure-WSXML-Aware Security AppliancesXML FirewallSummaryReferences
7. Identity Management Standards and Technologies
Identity Management–Core IssuesUnderstanding Network Identity and Federated IdentityThe Importance of Identity ManagementIntroduction to SAMLThe Motivation of SAMLThe Role of SAML in SSOSAML 1.0SAML 1.1SAML 2.0SAML ProfilesSAML ArchitectureSAML AssertionsSAML Domain ModelSAML ArchitecturePolicy Enforcement PointPolicy Administration PointSAML Request-Reply ModelSAML Authentication AssertionSAML Attribute AssertionSAML Authorization Decision AssertionXML Signatures in SAMLSAML Usage ScenariosThird-Party Authentication and AuthorizationGlobal LogoutSecurity Threats and CountermeasuresDenial of Service AttackMessage Replay and Message ModificationMan-in-the-Middle AttackThe Role of SAML in J2EE-Based Applications and Web ServicesIntroduction to Liberty Alliance and Their ObjectivesLiberty Phase 1Liberty Phase 2Liberty Alliance ArchitectureRelationshipsWeb RedirectionWeb ServicesMeta-Data and SchemasSecurity MechanismsLiberty Usage ScenariosFederation ManagementIdentity FederationIdentity De-federationIdentity Registration and TerminationLiberty Single Sign-onIdentity Provider Session State MaintenanceMulti-tiered AuthenticationCredentialsCommunication SecurityFederated Single Sign-onGlobal LogoutExample–SAML and Liberty Using Sun Java System Access ManagerThe Nirvana of Access Control and Policy ManagementIETF Policy Management Working GroupDistributed Management Task Force (DMTF)Parlay GroupEnterprise Privacy Authorization Language (EPAL)Web Services Policy–WS-Policy and WSPLIntroduction to XACMLXACML 2.0XACML Data Flow and ArchitectureXACML ArchitectureXACML Usage ScenariosPolicy StoreCentralizing Security Policy for Web Services SecurityCollaborating with SAMLebXML RegistryExample–XACML Using Sun’s XACML KitSample ScenarioSample RequestSample PolicyRemarkUse of XACML 2.0 with SAML 2.0SummaryReferences
IV. Security Design Methodology, Patterns, and Reality Checks
8. The Alchemy of Security Design–Methodology, Patterns, and Reality Checks
The RationaleThe Security WheelThe HubThe SpokesThe Wheel EdgeSecure UPSecure UP–ArtifactsRisk Analysis (RA)Trade-Off Analysis (TOA)Security PatternsUnderstanding Existing Security PatternsWeb TierBusiness TierIntegration TierInfrastructure and Quality of ServicesSecurity Patterns for J2EE, Web Services, Identity Management, and Service ProvisioningSecurity Pattern TemplateSecurity Patterns CatalogWeb Tier Security PatternsBusiness Tier Security PatternsWeb Services Tier Security PatternsSecurity Patterns for Identity Management and Service ProvisioningSecurity Patterns and their RelationshipsApplying Security PatternsWeb TierBusiness TierWeb Services TierIdentity TierPatterns-Driven Security DesignSecurity Design ProcessesFactor AnalysisInfrastructureWeb TierBusiness TierWeb Services TierIdentity TierQuality of ServicesTier AnalysisThreat ProfilingTrust ModelPolicy DesignClassificationSecurity LabelingApplication Security Assessment ModelReality ChecksSecurity TestingBlack Box TestingWhite Box TestingAdopting a Security FrameworkApplication Security ProviderSecurity Infrastructure ServicesIdentity and Policy Management ServicesRefactoring Security DesignService Continuity and RecoveryConclusionReferencesUnified ProcessSecurity PrinciplesSecurity PatternsOthers
V. Design Strategies and Best Practices
9. Securing the Web Tier–Design Strategies and Best Practices
Web-Tier Security PatternsAuthentication EnforcerProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesContainer Authenticated StrategyAuthentication Provider-Based StrategyJAAS Login Module StrategyConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsAuthorization EnforcerProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesAuthorization Provider StrategyProgrammatic Authorization StrategyJAAS Authorization StrategyConsequencesSecurity Factors and RisksReality CheckRelated PatternsIntercepting ValidatorProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesConsequencesSecurity Factors and RisksReality CheckRelated PatternsSecure Base ActionProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesMVC Style Secure Base Action StrategyConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsSecure LoggerProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesSecure Data Logger StrategySecure Log Store StrategyConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsSecure PipeProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesWeb-Server-Based SSLHardware-Based Cryptographic Card StrategyNetwork Appliance StrategyApplication Layer Using JSSE StrategyConsequencesSample CodeSecurity Factors and RisksInfrastructureWeb TierReality CheckRelated PatternsSecure Service ProxyProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesSingle-Service Secure Service Proxy StrategyMulti-Service Controller Secure Service Proxy StrategySample CodeConsequencesSecurity Factors and RisksReality CheckRelated PatternsIntercepting Web AgentProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesExternal Policy Server StrategyConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsBest Practices and PitfallsInfrastructureCommunicationApplicationReferences
10. Securing the Business Tier–Design Strategies and Best Practices
Security Considerations in the Business TierBusiness Tier Security PatternsAudit InterceptorProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesIntercepting Session Façade StrategyConsequencesSample CodeSecurity Factors and RisksBusiness TierDistributed SecurityReality CheckRelated PatternsContainer Managed SecurityProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesWeb Tier Container Managed Security StrategyService Tier Container Managed Security StrategyContainer Manager Security in Conjunction with Programmatic SecurityConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsDynamic Service ManagementProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesModel MBean StrategyConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsObfuscated Transfer ObjectProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesMasked List StrategyEncryption StrategyConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsPolicy DelegateProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsSecure Service FaçadeProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsSecure Session ObjectProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesTransfer Object Member StrategyInterceptor StrategyConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsBest Practices and PitfallsInfrastructureArchitecturePolicyPitfallsReferences
11. Securing Web Services–Design Strategies and Best Practices
Web Services Security Protocols StackNetwork-Layer SecurityTransport-Layer SecurityMessage-Layer SecurityWeb Services Security InfrastructureNetwork Perimeter SecurityXML FirewallWeb Services InfrastructureIdentity ProviderDirectory ServicesWeb Services Security PatternsMessage Interceptor GatewayProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesXML-Aware Security Appliance (XML Firewall) StrategyIntercepting Web Agent StrategyConsequencesSecurity Factors and RisksReality ChecksRelated PatternsMessage InspectorProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesXML-Aware Security Appliance StrategyMessage-Handler Chain StrategyIdentity Provider Agent StrategyConsequencesSecurity Factors and RisksReality ChecksRelated PatternsSecure Message RouterProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesXML Messaging Provider StrategyLiberty SSO StrategyConsequencesSecurity Factors and RisksReality ChecksRelated PatternsBest Practices and PitfallsBest PracticesWeb Services Infrastructure SecurityCommunication and Message SecurityTesting and DeploymentPitfallsReferences
12. Securing the Identity–Design Strategies and Best Practices
Identity Management Security PatternsAssertion Builder PatternProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesProtocol Binding StrategyTime Checking StrategyAudit Control StrategyUsing Assertion Builder Pattern in Single Sign-onConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsSingle Sign-on (SSO) Delegator PatternProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesUsing Single Sign-on Delegator and Assertion Builder TogetherGlobal Logout StrategyIdentity Termination / Revocation StrategyConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsCredential Tokenizer PatternProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesService Provider Interface ApproachProtocol Binding StrategyConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsBest Practices and PitfallsBest PracticesPitfallsReferences
13. Secure Service Provisioning–Design Strategies and Best Practices
Business ChallengesScope of Service ProvisioningRelationship with Identity ManagementA Typical Scenario of User Account ProvisioningCurrent Approaches to User Account ProvisioningUser Account Provisioning ArchitectureCentralized Model versus Decentralized ModelLogical ArchitectureProvisioning ComponentsProvisioning ServicesPortal IntegrationIntegrating with an Identity Provider InfrastructureOther Integration CapabilityDifferentiators for Service Provisioning ProductsTechnology DifferentiatorsIntroduction to SPMLService Provisioning OperationsFeatures in SPMLAdopting a SAML ImplementationService Provisioning Security PatternPassword Synchronizer PatternProblemForcesSolutionStructureParticipants and ResponsibilitiesStrategiesConsequencesSample CodeSecurity Factors and RisksReality CheckRelated PatternsBest Practices and PitfallsApplication DesignQuality of ServiceServer Sizing ConsiderationSecurity Risk MitigationSummaryReferencesGeneralSome Security Service Provisioning VendorsSome Password Management or Password Synchronization Vendor Products
VI. Putting It All Together
14. Building End-to-End Security Architecture–A Case Study
OverviewUnderstanding the Security ChallengesAssumptionsUse Case ScenariosChoosing the Right MethodologyIdentifying the RequirementsIdentifying the Security RequirementsSystem ConstraintsSecurity Use CasesUse Case DiagramActorseRewards Portal–Logical ViewSystem EnvironmentApplication ArchitectureTechnology ElementsSecurity PrerequisitesConceptual Security ModelSecurity ArchitectureRisk Analysis and MitigationTrade-Off Analysis (TOA)Applying Security PatternsOther Security Patterns UsedSecurity Architecture–Detailed ComponentsWeb TierBusiness TierWeb Service TierDesignPolicy DesignFactor AnalysisInfrastructureWeb TierBusiness TierWeb Services TierSecurity InfrastructureSecurity Infrastructure–Detailed componentsTier AnalysisWeb TierBusiness TierWeb Services TierIdentity TierTrust ModelThreat ProfilingSecurity DesignRelating the Analyses to the Security PatternsData Modeling and ObjectsBusiness Data ObjectsData ClassService DesignUser Login ServiceCatalog ServiceOrder Management ServiceOrder Fulfillment ServiceDevelopmentUnit and Integration TestingTestingWhite Box TestingBlack Box TestingDeploymentConfigurationMonitoringAuditingSummaryLessons LearnedPitfallsConclusionReferences
VII. Personal Identification Using Smart Cards and Biometrics
15. Secure Personal Identification Strategies Using Smart Cards and Biometrics
Physical and Logical Access ControlThe Role of Smart Cards in Access ControlThe Role of Biometrics in Access ControlEnabling TechnologiesJava Card APIGlobal PlatformPC/SC FrameworkOpenCard Framework (OCF)OpenSCBioAPIPluggable Authentication Module (PAM)Graphical Identification and Authentication (GINA)Java Authentication and Authorization Service (JAAS)Smart Card-Based Identification and AuthenticationArchitecture and Implementation ModelLogical ArchitectureSmart CardsSmart Card ReadersSmart Card Enrollment/Personalization SystemSmart Card Authentication ServerBrowser Plug-in (for Web Clients)JAAS LoginModule (for J2EE and Java Applications)J2EE-Compliant Application ServerPAM Module (for UNIX Applications and Desktop Login)GINA Module (for Windows Environment)Operational ModelSmart Card Enrollment and TerminationSmart Card-Based AuthenticationSmart Card Authentication Using Challenge-Response ProtocolSmart Card Authentication Using OCSP ResponderUsing Smart Cards for Physical Access ControlBiometric Identification and AuthenticationUnderstanding the Biometric Verification ProcessIdentification and AuthenticationFingerprint MatchingAccuracy of a Biometric Verification ProcessFalse Non-Match Rate (FNMR) or False Reject Rate (FRR)False Acceptance Rate (FAR) or False Match Rate (FMR)Failure to Enroll (FTE)Crossover Error Rate (CER) or Equal Error Rate (EER)Ability to Verify (ATV)Architecture and ImplementationLogical ArchitectureFingerprint ScannerBiometrics Enrollment and Authentication SystemBrowser Plug-in (for Web Clients)PAM Module (for UNIX Applications and Desktop Login)GINA Module (for Windows Environment)J2EE-Compliant Application ServerJAAS LoginModule (for J2EE and Java Applications)Operational ModelBiometric Enrollment and TerminationBiometric Authentication ProcessBiometric SSO StrategyMulti-factor Authentication Using Smart Cards and BiometricsMatch-on-the-Card Biometrics StrategyMatch-off-the-Card Biometrics StrategyBest Practices and PitfallsUsing Smart CardsUsing BiometricsPitfallsReferences

Content preview from Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management

About the Authors

Christopher Steel, CISSP, ISSAP, is the President and CEO of FortMoon Consulting and was recently the chief architect on the U.S. Treasury’s Pay.gov project. He has more than fifteen years experience in distributed enterprise computing with a strong focus on application security, patterns, and methodologies. Some of his clients include the U.S. Navy, Raytheon, Fleet, CVS Pharmacy, Nextel, Verizon, AOL, KPMG, MCI, and GTE. He presents regularly at local and industry conferences on topics of security.

Ramesh Nagappan is a Java Technology Architect at Sun Microsystems. With extensive industry experience, he specializes in Java distributed computing and Security architectures for mission-critical applications. Prior to this work, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

The Definitive Guide to Security in Jakarta EE: Securing Java-based Enterprise Applications with Jakarta Security, Authorization, Authentication and More

Arjan Tijms, Teo Bais, Werner Keil

Publisher Resources

ISBN: 0131463071Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management

by Christopher Steel, Ramesh Nagappan, Ray Lai

About the Authors

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.