I | Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

I/O, non-blocking
ID-FF (Identity Federated Framework) version 1.2
ID-SIS (Identity Service Interface Specification) version
ID-WSF (Identity Web Services Framework) version
IDEA symmetric cipher
Identification processes
Identity Federated Framework (ID-FF) version 1.2
Identity federation 2nd 3rd
     cross-domain
     Liberty Alliance
     SAML
Identity management 2nd 3rd 4th
    access control. [See Access control]
     access management services
     auditing 2nd 3rd
     core issues
     data synchronization services
     directory services
     importance
     in case study 2nd
     in use cases
     justifying
    Liberty Alliance Project. [See Liberty Alliance Project]
     network identity
    personal identification. [See Personal identification]
     point-to-point interfaces for
     policies
     provisioning services
     references 2nd
     reporting services
    SAML. [See SAML (Security Assertion Markup Language)]
     security patterns for 2nd 3rd
         Assertion Builder
         best practices
         Credential Tokenizer
         factor analysis
         Password Synchronizer
         pitfalls
         references
         Single Sign-on Delegator
         Web services
     service provisioning relationship
     services for
    single sign-on. [See Single sign-on (SSO) mechanisms]
     summary 2nd
    XACML. [See XACML (Extensible Access Control Markup Language)]
Identity Provider Agent strategy
Identity Provider Discovery Profile
Identity providers
     in case study
     Liberty Alliance
     Liberty specifications
     Message Inspector pattern
     Message Interceptor Gateway pattern
     Secure Message Router pattern
     Single Sign-on Delegator pattern 2nd
     user account provisioning
     Web services
Identity Service Interface Specification (ID-SIS) version
Identity termination strategy
Identity theft and spoofing
     Assertion Builder pattern
     Web services
Identity Web Services Framework (ID-WSF) version
IDSs (Intrusion Detection Systems)
IETF Policy Management Working Group
IMAP (Internet Message Access protocol)
Impact risk factor
Implementation
     Assertion Builder pattern
     AssertionContextImpl class
     biometrics
     JAAS authorization
     LoginModule class
     Policy Delegate pattern
     Secure UP 2nd
     smart cards
     SPML
     UserNameTokem class
implies method
Importing certificates 2nd
Inclusive canonicalization encryption
Information aggregators
Informative policies
Infrastructure
     Application Security Provider
     in case study 2nd 3rd
     in security patterns
         Business tier
         factor analysis
         Intercepting Web Agent
         Password Synchronizer
         Secure Pipe
         Web services 2nd
         Web tier
     J2EE
     policies
     Security Services
init method
     AuditClient
     Cipher
     HTTPProxy
     MBeanFactory
     MBeanManager
     PasswordSyncLedger
     PasswordSyncListener
     Policy Delegate pattern
     SimpleSOAPServiceSecurePolicy
     TakeAction
     WriteFileApplet
initConfig method
     ServiceConfig
     SSODelegatorFactoryImpl
initialize method
     KeyPairGenerator
     LoginModule
initSign method
initVerify method
Injection flaws
Input validation failures
Insider attacks
Integration and Integration tier
     in case study
     in identity management
     in patterns-driven design
     in security patterns
         Assertion Builder
         Intercepting Web Agent 2nd
         Password Synchronizer
         Secure Service Facade
         Secure Service Proxy
     J2EE
     reality checks
     rule-based
     user account provisioning
Integrity
     as security goal
     in Security Wheel
     Secure Pipe pattern 2nd
     Web services
Intellectual property
Intercepting Filter pattern
     and Audit Interceptor pattern
     and Authentication Enforcer pattern
     and Intercepting Validator pattern
Intercepting Validator pattern
     and Secure Base Action pattern 2nd
     consequences
     forces
     in case study 2nd 3rd 4th 5th
     participants and responsibilities 2nd
     problem
     reality check
     related patterns
     security factors and risks
     solution
     strategies
     structure
Intercepting Web Agent pattern
     consequences
     forces
     in case study
     participants and responsibilities
     problem
     reality check
     related patterns
         Container Managed Security
         Secure Service Proxy
     sample code
     security factors and risks
     solution
     strategies
     structure
Intercepting Web Agent strategy
Interceptor strategy
Interfaces
     CertPath
     JAAS
     JCA
     JCE
     JSSE
     Password Synchronizer pattern
     PKCS#11 and PKCS#15 standards
     Policy Delegate pattern
     Secure Service Facade pattern
Intermediary infrastructure
Internet Message Access protocol (IMAP)
Internet Scanner testing tool
Interoperability
     Liberty Phase 1
     Secure Message Router pattern
     Secure Pipe pattern
     security provisioning patterns
     user account provisioning
     Web services
Intrusion Detection Systems (IDSs)
Invalid data. [See Intercepting Validator pattern]
Invalidating HTTP sessions
Invocation, rule-based
invoke method
IP address capture
IP filtering
Iris verification
isAuthorized method
isCallerInRole method
     EJBContext
     J2EE authorization
Issuing authority in SAML
isUserInRole method 2nd 3rd
isValidStatement method
Iterative development in Secure UP
ITS4 testing tool