Table of Contents


Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management
By Christopher Steel, Ramesh Nagappan, Ray Lai
Publisher: Prentice Hall PTR / Sun Micros
Pub Date: October 14, 2005
ISBN: 0-13-146307-1
Pages: 1088
 




   Copyright
   Praise for Core Security Patterns
   Prentice Hall Core Series
   Foreword
   Foreword
   Preface
      What This Book Is About
      What This Book Is Not
      Who Should Read This Book?
      How This Book Is Organized
      Companion Web Site
      Feedback
   Acknowledgments
      Chris Steel
      Ramesh Nagappan
      Ray Lai
   About the Authors
    Part I:  Introduction
          Chapter 1.  Security by Default
      Business Challenges Around Security
      What Are the Weakest Links?
      The Impact of Application Security
      The Four W's
      Strategies for Building Robust Security
      Proactive and Reactive Security
      The Importance of Security Compliance
      The Importance of Identity Management
      Secure Personal Identification
      The Importance of Java Technology
      Making Security a "Business Enabler"
      Summary
      References
          Chapter 2.  Basics of Security
      Security Requirements and Goals
      The Role of Cryptography in Security
      The Role of Secure Sockets Layer (SSL)
      The Importance and Role of LDAP in Security
      Common Challenges in Cryptography
      Threat Modeling
      Identity Management
      Summary
      References
    Part II:  Java Security Architecture and Technologies
          Chapter 3.  The Java 2 Platform Security
      Java Security Architecture
      Java Applet Security
      Java Web Start Security
      Java Security Management Tools
      J2ME Security Architecture
      Java Card Security Architecture
      Securing the Java Code
      Summary
      References
          Chapter 4.  Java Extensible Security Architecture and APIs
      Java Extensible Security Architecture
      Java Cryptography Architecture (JCA)
      Java Cryptographic Extensions (JCE)
      Java Certification Path API (CertPath)
      Java Secure Socket Extension (JSSE)
      Java Authentication and Authorization Service (JAAS)
      Java Generic Secure Services API (JGSS)
      Simple Authentication and Security Layer (SASL)
      Summary
      References
          Chapter 5.  J2EE Security Architecture
      J2EE Architecture and Its Logical Tiers
      J2EE Security Definitions
      J2EE Security Infrastructure
      J2EE Container-Based Security
      J2EE Component/Tier-Level Security
      J2EE Client Security
      EJB Tier or Business Component Security
      EIS Integration Tier: Overview
      J2EE Architecture: Network Topology
      J2EE Web Services Security: Overview
      Summary
      References
    Part III:  Web Services Security and Identity Management
          Chapter 6.  Web Services Security: Standards and Technologies
      Web Services Architecture and Its Building Blocks
      Web Services Security: Core Issues
      Web Services Security Requirements
      Web Services Security Standards
      XML Signature
      XML Encryption
      XML Key Management System (XKMS)
      OASIS Web Services Security (WS-Security)
      WS-I Basic Security Profile
      Java-Based Web Services Security Providers
      XML-Aware Security Appliances
      Summary
      References
          Chapter 7.  Identity Management Standards and Technologies
      Identity Management: Core Issues
      Understanding Network Identity and Federated Identity
      Introduction to SAML
      SAML Architecture
      SAML Usage Scenarios
      The Role of SAML in J2EE-Based Applications and Web Services
      Introduction to Liberty Alliance and Their Objectives
      Liberty Alliance Architecture
      Liberty Usage Scenarios
      The Nirvana of Access Control and Policy Management
      Introduction to XACML
      XACML Data Flow and Architecture
      XACML Usage Scenarios
      Summary
      References
    Part IV:  Security Design Methodology, Patterns, and Reality Checks
          Chapter 8.  The Alchemy of Security Design: Methodology, Patterns, and Reality Checks
      The Rationale
      Secure UP
      Security Patterns
      Security Patterns for J2EE, Web Services, Identity Management, and Service Provisioning
      Reality Checks
      Security Testing
      Adopting a Security Framework
      Refactoring Security Design
      Service Continuity and Recovery
      Conclusion
      References
    Part V:  Design Strategies and Best Practices
          Chapter 9.  Securing the Web Tier: Design Strategies and Best Practices
      Web-Tier Security Patterns
      Best Practices and Pitfalls
      References
          Chapter 10.  Securing the Business Tier: Design Strategies and Best Practices
      Security Considerations in the Business Tier
      Business Tier Security Patterns
      Best Practices and Pitfalls
      References
          Chapter 11.  Securing Web Services: Design Strategies and Best Practices
      Web Services Security Protocols Stack
      Web Services Security Infrastructure
      Web Services Security Patterns
      Best Practices and Pitfalls
      References
          Chapter 12.  Securing the Identity: Design Strategies and Best Practices
      Identity Management Security Patterns
      Best Practices and Pitfalls
      References
          Chapter 13.  Secure Service Provisioning: Design Strategies and Best Practices
      Business Challenges
      User Account Provisioning Architecture
      Introduction to SPML
      Service Provisioning Security Pattern
      Best Practices and Pitfalls
      Summary
      References
    Part VI:  Putting It All Together
          Chapter 14.  Building End-to-End Security Architecture: A Case Study
      Overview
      Use Case Scenarios
      Application Architecture
      Security Architecture
      Design
      Development
      Testing
      Deployment
      Summary
      Lessons Learned
      Pitfalls
      Conclusion
      References
    Part VII:  Personal Identification Using Smart Cards and Biometrics
          Chapter 15.  Secure Personal Identification Strategies Using Smart Cards and Biometrics
      Physical and Logical Access Control
      Enabling Technologies
      Smart Card-Based Identification and Authentication
      Biometric Identification and Authentication
      Multi-factor Authentication Using Smart Cards and Biometrics
      Best Practices and Pitfalls
      References
   Index


