How This Book Is Organized

Securing Web Services with WS-Security is not a reference text, but you can treat certain chapters as reference tools. We recommend you read Chapters 2, "The Foundations of Web Services," 3, "The Foundations of Distributed Message-Level Security," 4, "Safeguarding the Identity and Integrity of XML Messages," and 5, "Ensuring Confidentiality of XML Messages" in sequence because they build a foundation on which later chapters are built. In general, you do not need to read subsequent chapters in any sequence. Later chapters on WS-Security, WS-Policy, Portable Identity (SAML), and other WS-* technologies all stand on their own. Chapter 10 includes a case study on how secure Web services are built and deployed on a commonly used application server platform. An appendix includes detailed reference material about cryptographic algorithms. We have included a glossary at the end of the book to act as a guide to terms that can be confusing and for which it is hard to find definitions.

The "straight-line" text of the book covers the critical information you need. We also include " color commentary ," opinions, juicy industry tidbits, and useful but not critical extra information about the topics in the chapters in sidebars, which are designed to enable you to better understand why things are done in a certain way or avoid making bad choices when laying down a security policy or implementation. Sometimes, though, they are just our opinions and nothing more.

In the end, we hope this book provides you with deeper insights into how Web services are similar to as well as different from previous forms of distributed computing middleware security. From there, we hope the book provides you with a much better understanding of identity and security but also of the depth and complexity of the security issues when applied to self-describing messages sent between machines over insecure networks. The book is not designed to scare you, so throughout we provide guidance ”based on our opinions ”of what parts of the emerging standards you can use today and which you need to prepare to use later.

Because this book is, in part, based on a substantial body of standards specifications, we will point you to those specific standards and other resources for more detailed information. In general, most of these standards come from OASIS (www.oasis- open .org) or from the W3C (www.w3c.org). Both of these organizations have well-organized sites you should visit frequently so that you can remain current on information provided there.

The code for the case study presented in Chapter 10 is available from the Sams Web site. Go to www.samspublishing.com and type the book's ISBN (0672326515) into the search field to go to this book's Web page and download the code.