About This Book


This book is not a formal programming reference, but we have included numerous snippets of sample code and a significant case study in Chapter 10, "Building a Secure Web Service Using BEA's WebLogic Workshop," that walks you through securing Web services on the WebLogic J2EE platform. It is a solid introduction to the body of knowledge about identity and security issues and the standards and solutions you will need to successfully build and deploy secure Web services. With this book as the starting point, you should be able to navigate the myriad detailed standards, specifications, and proposed standards and put them in perspective for the specific areas you need to build into your secure Web service applications.

Already, thousands of people are deploying Web services either for application integration, for building powerful portals, for trading partner integration, or just to promote effective re-use of a useful service. In fact, because virtually every application being contemplated includes a set of SOAP or XML interfaces, this is a critical book to provide overview and perspective for most, if not all, programmers. Web services, as we will show in detail, create a whole new set of security challenges that we did not have with corporate networks, Web applications, or previous forms of distributed computing. Corporations will not deploy a Web service without first having a thorough understanding of its security implications on the organization. If you proceed without understanding this point, you might as well start installing Trojan horses right away.

This book provides a basic understanding of what Web services are for and the simple concepts behind how this new incarnation of middleware functions. We will put Web services in context, but as a prerequisite, you should know, at an overview level, what the alphabet soup set of Web services standards is all about. Although we dive into these standards in some detail, we do so in the context of Web services being middleware that extends across trust domains, and we will help you appreciate the security issues this new construct brings to your development scenarios. In terms of security, if you already have an understanding of simple concepts such as what Secure Socket Layer (SSL) is and what public key cryptography is, that knowledge will be helpful because we build on these concepts. A working knowledge of XML syntax is also important; we use concrete examples of XML throughout the book.

The approach we take in this book is not just to dive into the standards and specifications. We want to provide a strong perspective on how they relate both to Web services and the tried-and-true principles of security. When we introduce Web services, we try to show how they are a natural extension of middleware for distributed computing. What did we learn about security then that applies now? What is different? And where are those security approaches not relevant? When talking about security, we want to make sure you understand not just what XML Signature is for, but also why it uses public key rather than shared key encryption, why hashing is important for signatures, and why XML Signature is not appropriate to use for confidentiality of messages. This book will answer these and many more questions about what you need to think about when beginning to plan the security of your Web services. It will help guide how you should go about implementing your secure Web services so they deliver the right level of security for what is at risk and still remain usable and useful for the business purposes for which they are intended.



Securing Web Services with WS-Security. Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption
ISBN: 0672326515
EAN: 2147483647
Year: 2004
Pages: 119
