Copyright
Praise for Core Security Patterns
Prentice Hall Core Series
Foreword
Foreword
Preface
  What This Book Is About
  What This Book Is Not
  Who Should Read This Book?
  How This Book Is Organized
  Companion Web Site
  Feedback
Acknowledgments
  Chris Steel
  Ramesh Nagappan
  Ray Lai
About the Authors

Part I: Introduction
  Chapter 1. Security by Default
    Business Challenges Around Security
    What Are the Weakest Links?
    The Impact of Application Security
    The Four W's
    Strategies for Building Robust Security
    Proactive and Reactive Security
    The Importance of Security Compliance
    The Importance of Identity Management
    Secure Personal Identification
    The Importance of Java Technology
    Making Security a "Business Enabler"
    Summary
    References
  Chapter 2. Basics of Security
    Security Requirements and Goals
    The Role of Cryptography in Security
    The Role of Secure Sockets Layer (SSL)
    The Importance and Role of LDAP in Security
    Common Challenges in Cryptography
    Threat Modeling
    Identity Management
    Summary
    References

Part II: Java Security Architecture and Technologies
  Chapter 3. The Java 2 Platform Security
    Java Security Architecture
    Java Applet Security
    Java Web Start Security
    Java Security Management Tools
    J2ME Security Architecture
    Java Card Security Architecture
    Securing the Java Code
    Summary
    References
  Chapter 4. Java Extensible Security Architecture and APIs
    Java Extensible Security Architecture
    Java Cryptography Architecture (JCA)
    Java Cryptographic Extensions (JCE)
    Java Certification Path API (CertPath)
    Java Secure Socket Extension (JSSE)
    Java Authentication and Authorization Service (JAAS)
    Java Generic Secure Services API (JGSS)
    Simple Authentication and Security Layer (SASL)
    Summary
    References
  Chapter 5. J2EE Security Architecture
    J2EE Architecture and Its Logical Tiers
    J2EE Security Definitions
    J2EE Security Infrastructure
    J2EE Container-Based Security
    J2EE Component/Tier-Level Security
    J2EE Client Security
    EJB Tier or Business Component Security
    EIS Integration Tier: Overview
    J2EE Architecture: Network Topology
    J2EE Web Services Security: Overview
    Summary
    References

Part III: Web Services Security and Identity Management
  Chapter 6. Web Services Security: Standards and Technologies
    Web Services Architecture and Its Building Blocks
    Web Services Security: Core Issues
    Web Services Security Requirements
    Web Services Security Standards
    XML Signature
    XML Encryption
    XML Key Management System (XKMS)
    OASIS Web Services Security (WS-Security)
    WS-I Basic Security Profile
    Java-Based Web Services Security Providers
    XML-Aware Security Appliances
    Summary
    References
  Chapter 7. Identity Management Standards and Technologies
    Identity Management: Core Issues
    Understanding Network Identity and Federated Identity
    Introduction to SAML
    SAML Architecture
    SAML Usage Scenarios
    The Role of SAML in J2EE-Based Applications and Web Services
    Introduction to Liberty Alliance and Their Objectives
    Liberty Alliance Architecture
    Liberty Usage Scenarios
    The Nirvana of Access Control and Policy Management
    Introduction to XACML
    XACML Data Flow and Architecture
    XACML Usage Scenarios
    Summary
    References

Part IV: Security Design Methodology, Patterns, and Reality Checks
  Chapter 8. The Alchemy of Security Design: Methodology, Patterns, and Reality Checks
    The Rationale
    Secure UP
    Security Patterns
    Security Patterns for J2EE, Web Services, Identity Management, and Service Provisioning
    Reality Checks
    Security Testing
    Adopting a Security Framework
    Refactoring Security Design
    Service Continuity and Recovery
    Conclusion
    References

Part V: Design Strategies and Best Practices
  Chapter 9. Securing the Web Tier: Design Strategies and Best Practices
    Web-Tier Security Patterns
    Best Practices and Pitfalls
    References
  Chapter 10. Securing the Business Tier: Design Strategies and Best Practices
    Security Considerations in the Business Tier
    Business Tier Security Patterns
    Best Practices and Pitfalls
    References
  Chapter 11. Securing Web Services: Design Strategies and Best Practices
    Web Services Security Protocols Stack
    Web Services Security Infrastructure
    Web Services Security Patterns
    Best Practices and Pitfalls
    References
  Chapter 12. Securing the Identity: Design Strategies and Best Practices
    Identity Management Security Patterns
    Best Practices and Pitfalls
    References
  Chapter 13. Secure Service Provisioning: Design Strategies and Best Practices
    Business Challenges
    User Account Provisioning Architecture
    Introduction to SPML
    Service Provisioning Security Pattern
    Best Practices and Pitfalls
    Summary
    References

Part VI: Putting It All Together
  Chapter 14. Building End-to-End Security Architecture: A Case Study
    Overview
    Use Case Scenarios
    Application Architecture
    Security Architecture
    Design
    Development
    Testing
    Deployment
    Summary
    Lessons Learned
    Pitfalls
    Conclusion
    References

Part VII: Personal Identification Using Smart Cards and Biometrics
  Chapter 15. Secure Personal Identification Strategies Using Smart Cards and Biometrics
    Physical and Logical Access Control
    Enabling Technologies
    Smart Card-Based Identification and Authentication
    Biometric Identification and Authentication
    Multi-factor Authentication Using Smart Cards and Biometrics
    Best Practices and Pitfalls
    References

Index