Book description
This up-to-date, practical guide gives comprehensive coverage of Web services security and is the first to cover the final release of the new standards SAML 1.1 and WS-Security. Rosenberg and Remy are security experts who co-founded GeoTrust, the #2 Web site certificate authority.
Table of contents
- Copyright
- About the Authors
- Acknowledgments
- We Want to Hear from You!
- Forewords
- Introduction
- 1. Basic Concepts of Web Services Security
- 2. The Foundations of Web Services
  - The Gestalt of Web Services
  - XML: Meta-Language for Data-Oriented Interchange
  - SOAP: XML Messaging and Remote Application Access
  - WSDL: Schema for XML/SOAP Objects and Interfaces
  - UDDI: Publishing and Discovering Web Services
  - ebXML and RosettaNet: Alternative Technologies for Web Services
  - The Web Services Security Specifications
  - Summary
- 3. The Foundations of Distributed Message-Level Security
  - The Challenges of Information Security for Web Services
  - Shared Key Technologies
  - Public Key Technologies
  - Public Key Encryption
  - Limitations of Public Key Encryption
  - Digital Signature Basics
  - A Digital Signature Expressed in XML
  - Public Key Infrastructure
  - Digital Certificates Are Containers for Public Keys
  - Certificate Authorities Issue (and Sign) Digital Certificates
  - CAs Must Be Trusted or Vouched For by a Trusted CA
  - Root CAs Are Trusted by Everyone
  - Key Escrow for Recovering Lost Private Keys
  - Certificate Revocation for Dealing with Public Keys Gone Bad
  - Trust Services
  - SSL Transport Layer Security
  - Summary
- 4. Safeguarding the Identity and Integrity of XML Messages
  - Introduction To and Motivation for XML Signature
  - XML Signature Fundamentals
  - XML Signature Structure
  - XML Signature Processing
  - The XML Signature Elements
  - Security Strategies for XML Signature
  - Summary
- 5. Ensuring Confidentiality of XML Messages
  - Introduction to and Motivation for XML Encryption
  - Relating XML Encryption and XML Signature
  - Critical Building Block for WS-Security
  - The Goal Is to Ensure Confidentiality of Messages from End to End with Different Recipients
  - Think Shared Key Cryptography When You Think of XML Encryption
  - XML Encryption Will Become Part of the Infrastructure Like XML Signature
  - XML Encryption Fundamentals
  - XML Encryption Structure
  - XML Encryption Processing
  - Using XML Encryption and XML Signature Together
  - Summary
- 6. Portable Identity, Authentication, and Authorization
- 7. Building Security into SOAP
- 8. Communicating Security Policy
- 9. Trust, Access Control, and Rights for Web Services
  - The WS-* Family of Security Specifications
  - XML Key Management Specification (XKMS)
  - eXtensible Access Control Markup Language (XACML) Specification
  - eXtensible Rights Markup Language (XrML) Management Specification
  - Summary
- 10. Building a Secure Web Service Using BEA's WebLogic Workshop
- A. Security, Cryptography, and Protocol Background Material
  - The SSL Protocol
  - Testing for Primality
  - RSA Cryptography
  - DSA Digital Signature Algorithms
  - Block Cipher Processing
  - DES Encryption Algorithm
  - AES Encryption Algorithm
  - Hashing Details and Requirements
  - SHA1
  - Silvio Micali's Fast Validation/Revocation
  - Canonicalization of Messages for Digital Signature Manifests
  - Base-64 Encoding
  - PGP
- Glossary
Product information
- Title: Securing Web Services with WS-Security
- Author(s):
- Release date: May 2004
- Publisher(s): Sams
- ISBN: 0672326515