A



Index



Ability to verify (ATV) probability
abort method
Abstract Factory pattern
Abstract objects
Abstraction layers
Access control 2nd
     Assertion Builder pattern
     broken
     Business tier patterns 2nd
     DMTF
     EPAL
     for smart cards
     IETF Policy Management Working Group
     J2EE
     management services 2nd
     Parlay Group
     physical and logical
     Web services 2nd
Access control lists (ACLs)
     J2EE
     JMS
Access points in case study
AccessController class
Accountability, checklist for
Accounts. [See User account provisioning]
Accuracy of biometric verification
ACLs (access control lists)
     J2EE
     JMS
Actions in Parlay
Active RFID tags
Activities in Secure UP
Actors in use cases
Add operation in SPML
Add-on, security as
addListener method
AddResponse message
Administration
     in biometric systems
     in Web tier patterns
     reality checks for
Administrator privileges
Advanced Encryption Standard (AES) 2nd 3rd
Advice in SAML assertions
Advisory policies
Agent-based and agentless architecture for user account provisioning
Agent-based authentication 2nd
Agent-based policy enforcement
Aggregation, service
Alchemy of security design
     conclusion
     framework adoption
     rationale
     reality checks. [See Reality checks]
     refactoring
     references
     Secure UP
         artifacts in
         risk analysis
         trade-off analysis
     security patterns. [See Security patterns]
     service continuity and recovery
     testing
ALE (Annual Loss Expectancy) 2nd
Alerts
     SSL
     Web services patterns
AlgorithmParameter class
AlgorithmParameterGenerator class
Alteration attacks
     SAML
     Secure Logger pattern 2nd
Annual Loss Expectancy (ALE) 2nd
Anonymous EJB resources
AOP (Aspect Oriented Programming) techniques
Apache Struts
     in form validation XML
     in Web data validation
     with SecureBaseAction
     with SimpleFormAction
APDUs (Application Protocol Data Units)
APIs
     BioAPI
     CertPath
     JAAS
     Java
     Java Card
     JCA
     JCE
     JSSE
     SAAJ 2nd 3rd
     SASL
     Vendor-specific
Applets
     for smart cards
     Java Card
     signed
Appletviewers
Appliances
     firewall
     strategies for
     XML-aware
Application Controller
Application data messages in SSL
Application Protocol Data Units (APDUs)
Application Requests
Application security assessment model
Application Security Providers
Application-based authentication
Applications and application security
     access control
     as weakest links
     audit and logging
     authentication
     buffer overflow
     CLDC
     coding problems
     configuration data
     cross-site scripting
     data injection flaws
     data transit and storage
     deployment problems
     DOS and DDOS attacks
     encryption
     error handling
     in case study
     input validation failures
     Intercepting Web Agent pattern
     J2EE
     JSSE
     man-in-the-middle attacks
     multiple sign-ons
     output sanitation
     password exploits
     policies
     Secure Pipe pattern
     security provisioning patterns
     security tokens
     servers
         for biometrics
         for smart cards
         in use cases
     session identifiers
     session theft
     Web tier patterns
Applying security patterns
Architecture
     in case study 2nd
     in security patterns
         Authentication Enforcer
         Business tier
         Intercepting Validator
         Intercepting Web Agent
         Secure Base Action
         Secure Service Proxy
     inefficiencies
     J2EE
     J2ME
     Java
     Liberty Alliance
     patterns-driven security design
     personal identification systems
         biometrics
         smart cards
     risk analysis
     SAML 2nd
     Secure UP 2nd
     user account provisioning
         centralized model vs. decentralized
         components of
         logical
     Web services
     XACML
Artifact Resolution Profile
Artifacts in Secure UP
Aspect Oriented Programming (AOP) techniques
Assemblers, J2EE
Assertion Builder pattern 2nd
     and Single Sign-on Delegator pattern 2nd
     consequences
     forces
     in service provisioning
     in single sign-on
     participants and responsibilities
     problem
     reality check
     related patterns
     sample code
     security factors and risks
     solution
     strategies
     structure
Assertion class
Assertion Query/Request profile
AssertionContext class
AssertionContextImpl class 2nd
Assertions
     Java System Access Manager
     SAML
         attribute
         authentication 2nd
         authorization
     WS-Policy
     WS-Security
assertRequest method
Assessment checklists
Asset valuation
Asymmetric ciphers
Attachments in SOAP messages
Attack trees
AttributeQuery class
Attributes
     J2EE
     SAML
         assertion 2nd
         authority 2nd
         mapping
         profile
         repository
     Secure Service Facade pattern
     XACML 2nd
AttributeStatement class 2nd
ATV (ability to verify) probability
Audit Interceptor pattern 2nd 3rd
     and Message Inspector pattern
     consequences
     forces
     in case study 2nd 3rd 4th
     participants and responsibilities
     problem
     reality check
     related patterns
     sample code
     security factors and risks
     solution
     strategies
     structure
audit method
AuditClient.java file
Auditing
     Assertion Builder pattern
     Audit Interceptor pattern. [See Audit Interceptor pattern]
     biometrics
     Business tier patterns 2nd 3rd
     Dynamic Service Management pattern
     failures in
     identity management 2nd 3rd
     Secure Service Facade pattern
     Secure UP 2nd
     Security Wheel
     Single Sign-on Delegator pattern
     Web services 2nd
     Web tier patterns 2nd
AuditLog class 2nd
AuditLogJdbcDAO class
AuditRequestMessageBean.java file
Authentication
     assessment checklists
     biometrics 2nd 3rd 4th
     broken 2nd 3rd
     in case study
     in security patterns
         Assertion Builder 2nd
          Authentication Enforcer. [See Authentication Enforcer pattern]
         Business tier
         Dynamic Service Management
         Intercepting Web Agent
         Password Synchronizer
         Policy Delegate
         Secure Base Action
         Secure Service Facade
         Secure Session Object
         Web tier
     in trust model
     J2EE 2nd
         agent-based 2nd
         application-based
         container-based
         declarative
         programmatic
         Web tier
     JAAS
         classes for
         in clients
         LoginModule for 2nd
         web-tier
     Java code
     JMS
     JSSE
     Liberty Alliance sessions
     multi-factor
     personal identification
     SAML 2nd
         assertions in 2nd 3rd
         third-party
     Security services
     Security Wheel
     smart cards 2nd 3rd
     Web services
Authentication Enforcer pattern
     consequences
     forces
     in case study 2nd 3rd 4th 5th
     participants and responsibilities
     problem
     reality checks in
     related patterns
         Container Managed Security
         Secure Base Action
     sample code
     security factors and risk in
     solution
     strategies in
     structure
Authentication provider-based strategy
     Authentication Enforcer pattern
     JAAS Login Module
Authentication Request protocol
AuthenticationEnforcer class
AuthenticationInstant class
AuthenticationProvider class
AuthenticationStatement class
Authoritative Source of Data pattern
Authorization
     classes for
     in security patterns
         Dynamic Service Management
         Intercepting Web Agent
         Policy Delegate
         Secure Base Action
         Secure Session Object
     J2EE 2nd 3rd
         declarative
         programmatic
         Web tier
     JAAS
         implementing
         strategy
     SAML 2nd 3rd
     Security services
     Security Wheel
     trust model
     Web services
     XACML 2.0
Authorization and Access Control service
Authorization Enforcer pattern
     consequences
     forces
     participants and responsibilities
     problem
     reality check
     related patterns
     security factors and risks
     solution
     strategies
     structure
Authorization providers
AuthorizationEnforcer class
AuthPermission class
Automated back-out strategy
Automated password retry
Availability
     identity management patterns
     in case study
     in use cases
     J2EE network topology
     Message Interceptor Gateway pattern
     Secure Message Router pattern
     security provisioning patterns
     Security Wheel
     Web services




Core Security Patterns. Best Practices and Strategies for J2EE, Web Services, and Identity Management
ISBN: 0131463071
EAN: 2147483647
Year: 2005
Pages: 204
