| |  | Copyright |
| | | About the Authors |
| | | Acknowledgments |
| | | We Want to Hear from You! |
| | | Forewords |
| | | | Securing Web Services to Deliver on Their Promise |
| | | | Building the Foundation for Agile Computing |
| | | Introduction |
| | | | Who This Book Is For |
| | | | About This Book |
| | | | How This Book Is Organized |
| | | Chapter 1. Basic Concepts of Web Services Security |
| | | | Web Services Basics: XML, SOAP, and WSDL |
| | | | Application Integration |
| | | | Security Basics |
| | | | Web Services Security Basics |
| | | | Summary |
| | | Chapter 2. The Foundations of Web Services |
| | | | The Gestalt of Web Services |
| | | | XML: Meta-Language for Data-Oriented Interchange |
| | | | SOAP: XML Messaging and Remote Application Access |
| | | | WSDL: Schema for XML/SOAP Objects and Interfaces |
| | | | UDDI: Publishing and Discovering Web Services |
| | | | ebXML and RosettaNet: Alternative Technologies for Web Services |
| | | | The Web Services Security Specifications |
| | | | Summary |
| | | Chapter 3. The Foundations of Distributed Message-Level Security |
| | | | The Challenges of Information Security for Web Services |
| | | | Shared Key Technologies |
| | | | Public Key Technologies |
| | | | Summary |
| | | Chapter 4. Safeguarding the Identity and Integrity of XML Messages |
| | | | Introduction To and Motivation for XML Signature |
| | | | XML Signature Fundamentals |
| | | | XML Signature Structure |
| | | | XML Signature Processing |
| | | | The XML Signature Elements |
| | | | Security Strategies for XML Signature |
| | | | Summary |
| | | Chapter 5. Ensuring Confidentiality of XML Messages |
| | | | Introduction to and Motivation for XML Encryption |
| | | | XML Encryption Fundamentals |
| | | | XML Encryption Structure |
| | | | XML Encryption Processing |
| | | | Using XML Encryption and XML Signature Together |
| | | | Summary |
| | | Chapter 6. Portable Identity, Authentication, and Authorization |
| | | | Introduction to and Motivation for SAML |
| | | | How SAML Works |
| | | | Using SAML with WS-Security |
| | | | Applying SAML: Project Liberty |
| | | | Summary |
| | | Chapter 7. Building Security into SOAP |
| | | | Introduction to and Motivation for WS-Security |
| | | | Extending SOAP with Security |
| | | | Security Tokens in WS-Security |
| | | | Providing Confidentiality: XML Encryption in WS-Security |
| | | | Providing Integrity: XML Signature in WS-Security |
| | | | Message Time Stamps |
| | | | Summary |
| | | Chapter 8. Communicating Security Policy |
| | | | WS-Policy |
| | | | The WS-Policy Framework |
| | | | WS-SecurityPolicy |
| | | | Summary |
| | | Chapter 9. Trust, Access Control, and Rights for Web Services |
| | | | The WS-* Family of Security Specifications |
| | | | XML Key Management Specification (XKMS) |
| | | | eXtensible Access Control Markup Language (XACML) Specification |
| | | | eXtensible Rights Markup Language (XrML) Management Specification |
| | | | Summary |
| | | Chapter 10. Building a Secure Web Service Using BEA's WebLogic Workshop |
| | | | Security Layer Walkthrough |
| | | | WebLogic Workshop Web Service Walkthrough |
| | | | Summary |
| | | Appendix A. Security, Cryptography, and Protocol Background Material |
| | | | The SSL Protocol |
| | | | Testing for Primality |
| | | | RSA Cryptography |
| | | | DSA Digital Signature Algorithms |
| | | | Block Cipher Processing |
| | | | DES Encryption Algorithm |
| | | | AES Encryption Algorithm |
| | | | Hashing Details and Requirements |
| | | | SHA1 |
| | | | Silvio Micali's Fast Validation/Revocation |
| | | | Canonicalization of Messages for Digital Signature Manifests |
| | | | Base-64 Encoding |
| | | | PGP |
| | | Glossary |
| | | Index |
