Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management
ISBN: 0131463071
EAN: 2147483647
Year: 2005
Pages: 204
Authors: Christopher Steel, Ramesh Nagappan, Ray Lai
Table of Contents
Copyright
Praise for Core Security Patterns
Prentice Hall Core Series
Foreword
Foreword
Preface
What This Book Is About
What This Book Is Not
Who Should Read This Book?
How This Book Is Organized
Companion Web Site
Feedback
Acknowledgments
Chris Steel
Ramesh Nagappan
Ray Lai
About the Authors
Part I: Introduction
Chapter 1. Security by Default
Business Challenges Around Security
What Are the Weakest Links?
The Impact of Application Security
The Four W's
Strategies for Building Robust Security
Proactive and Reactive Security
The Importance of Security Compliance
The Importance of Identity Management
Secure Personal Identification
The Importance of Java Technology
Making Security a Business Enabler
Summary
References
Chapter 2. Basics of Security
Security Requirements and Goals
The Role of Cryptography in Security
The Role of Secure Sockets Layer (SSL)
The Importance and Role of LDAP in Security
Common Challenges in Cryptography
Threat Modeling
Identity Management
Summary
References
Part II: Java Security Architecture and Technologies
Chapter 3. The Java 2 Platform Security
Java Security Architecture
Java Applet Security
Java Web Start Security
Java Security Management Tools
J2ME Security Architecture
Java Card Security Architecture
Securing the Java Code
Summary
References
Chapter 4. Java Extensible Security Architecture and APIs
Java Extensible Security Architecture
Java Cryptography Architecture (JCA)
Java Cryptographic Extensions (JCE)
Java Certification Path API (CertPath)
Java Secure Socket Extension (JSSE)
Java Authentication and Authorization Service (JAAS)
Java Generic Secure Services API (JGSS)
Simple Authentication and Security Layer (SASL)
Summary
References
Chapter 5. J2EE Security Architecture
J2EE Architecture and Its Logical Tiers
J2EE Security Definitions
J2EE Security Infrastructure
J2EE Container-Based Security
J2EE Component/Tier-Level Security
J2EE Client Security
EJB Tier or Business Component Security
EIS Integration Tier: Overview
J2EE Architecture: Network Topology
J2EE Web Services Security: Overview
Summary
References
Part III: Web Services Security and Identity Management
Chapter 6. Web Services Security: Standards and Technologies
Web Services Architecture and Its Building Blocks
Web Services Security: Core Issues
Web Services Security Requirements
Web Services Security Standards
XML Signature
XML Encryption
XML Key Management System (XKMS)
OASIS Web Services Security (WS-Security)
WS-I Basic Security Profile
Java-Based Web Services Security Providers
XML-Aware Security Appliances
Summary
References
Chapter 7. Identity Management Standards and Technologies
Identity Management: Core Issues
Understanding Network Identity and Federated Identity
Introduction to SAML
SAML Architecture
SAML Usage Scenarios
The Role of SAML in J2EE-Based Applications and Web Services
Introduction to Liberty Alliance and Their Objectives
Liberty Alliance Architecture
Liberty Usage Scenarios
The Nirvana of Access Control and Policy Management
Introduction to XACML
XACML Data Flow and Architecture
XACML Usage Scenarios
Summary
References
Part IV: Security Design Methodology, Patterns, and Reality Checks
Chapter 8. The Alchemy of Security Design: Methodology, Patterns, and Reality Checks
The Rationale
Secure UP
Security Patterns
Security Patterns for J2EE, Web Services, Identity Management, and Service Provisioning
Reality Checks
Security Testing
Adopting a Security Framework
Refactoring Security Design
Service Continuity and Recovery
Conclusion
References
Part V: Design Strategies and Best Practices
Chapter 9. Securing the Web Tier: Design Strategies and Best Practices
Web-Tier Security Patterns
Best Practices and Pitfalls
References
Chapter 10. Securing the Business Tier: Design Strategies and Best Practices
Security Considerations in the Business Tier
Business Tier Security Patterns
Best Practices and Pitfalls
References
Chapter 11. Securing Web Services: Design Strategies and Best Practices
Web Services Security Protocols Stack
Web Services Security Infrastructure
Web Services Security Patterns
Best Practices and Pitfalls
References
Chapter 12. Securing the Identity: Design Strategies and Best Practices
Identity Management Security Patterns
Best Practices and Pitfalls
References
Chapter 13. Secure Service Provisioning: Design Strategies and Best Practices
Business Challenges
User Account Provisioning Architecture
Introduction to SPML
Service Provisioning Security Pattern
Best Practices and Pitfalls
Summary
References
Part VI: Putting It All Together
Chapter 14. Building End-to-End Security Architecture: A Case Study
Overview
Use Case Scenarios
Application Architecture
Security Architecture
Design
Development
Testing
Deployment
Summary
Lessons Learned
Pitfalls
Conclusion
References
Part VII: Personal Identification Using Smart Cards and Biometrics
Chapter 15. Secure Personal Identification Strategies Using Smart Cards and Biometrics
Physical and Logical Access Control
Enabling Technologies
Smart Card-Based Identification and Authentication
Biometric Identification and Authentication
Multi-factor Authentication Using Smart Cards and Biometrics
Best Practices and Pitfalls
References
Index