Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption - page 1
- 1
- 2
- Securing Web Services with WS-Security
- Securing Web Services with WS-Security
- Table of Contents
- Copyright
- About the Authors
- Acknowledgments
- We Want to Hear from You
- Forewords
- Securing Web Services to Deliver on Their Promise
- Building the Foundation for Agile Computing
- Introduction
- Who This Book Is For
- About This Book
- How This Book Is Organized
- Chapter 1. Basic Concepts of Web Services Security
- Web Services Basics: XML, SOAP, and WSDL
- Application Integration
- Security Basics
- Web Services Security Basics
- Summary
- Chapter 2. The Foundations of Web Services
- The Gestalt of Web Services
- XML: Meta-Language for Data-Oriented Interchange
- SOAP: XML Messaging and Remote Application Access
- WSDL: Schema for XMLSOAP Objects and Interfaces
- UDDI: Publishing and Discovering Web Services
- ebXML and RosettaNet: Alternative Technologies for Web Services
- The Web Services Security Specifications
- Summary
- Chapter 3. The Foundations of Distributed Message-Level Security
- The Challenges of Information Security for Web Services
- Shared Key Technologies
- Public Key Technologies
- Summary
- Chapter 4. Safeguarding the Identity and Integrity of XML Messages
- Introduction To and Motivation for XML Signature
- XML Signature Fundamentals
- XML Signature Structure
- XML Signature Processing
- The XML Signature Elements
- Security Strategies for XML Signature
- Summary
- Chapter 5. Ensuring Confidentiality of XML Messages
- Introduction to and Motivation for XML Encryption
- XML Encryption Fundamentals
- XML Encryption Structure
- XML Encryption Processing
- Using XML Encryption and XML Signature Together
- Summary
- Chapter 6. Portable Identity, Authentication, and Authorization
- Introduction to and Motivation for SAML
- How SAML Works
- Using SAML with WS-Security
- Applying SAML: Project Liberty
- Summary
- Chapter 7. Building Security into SOAP
- Introduction to and Motivation for WS-Security
- Extending SOAP with Security
- Security Tokens in WS-Security
- Providing Confidentiality: XML Encryption in WS-Security
- Providing Integrity: XML Signature in WS-Security
- Message Time Stamps
- Summary
- Chapter 8. Communicating Security Policy
- WS-Policy
- The WS-Policy Framework
- WS-SecurityPolicy
- Summary
- Chapter 9. Trust, Access Control, and Rights for Web Services
- The WS- Family of Security Specifications
- XML Key Management Specification (XKMS)
- eXtensible Access Control Markup Language (XACML) Specification
- eXtensible Rights Markup Language (XrML) Management Specification
- Summary
- Chapter 10. Building a Secure Web Service Using BEA s WebLogic Workshop
- Security Layer Walkthrough
- WebLogic Workshop Web Service Walkthrough
- Summary
- Appendix A. Security, Cryptography, and Protocol Background Material
- The SSL Protocol
- 1
- 2
