| | Copyright |
| | About the Authors |
| | Acknowledgments |
| | We Want to Hear from You! |
| | Forewords |
| | | Securing Web Services to Deliver on Their Promise |
| | | Building the Foundation for Agile Computing |
| | Introduction |
| | | Who This Book Is For |
| | | About This Book |
| | | How This Book Is Organized |
| | Chapter 1. Basic Concepts of Web Services Security |
| | | Web Services Basics: XML, SOAP, and WSDL |
| | | Application Integration |
| | | Security Basics |
| | | Web Services Security Basics |
| | | Summary |
| | Chapter 2. The Foundations of Web Services |
| | | The Gestalt of Web Services |
| | | XML: Meta-Language for Data-Oriented Interchange |
| | | SOAP: XML Messaging and Remote Application Access |
| | | WSDL: Schema for XML/SOAP Objects and Interfaces |
| | | UDDI: Publishing and Discovering Web Services |
| | | ebXML and RosettaNet: Alternative Technologies for Web Services |
| | | The Web Services Security Specifications |
| | | Summary |
| | Chapter 3. The Foundations of Distributed Message-Level Security |
| | | The Challenges of Information Security for Web Services |
| | | Shared Key Technologies |
| | | Public Key Technologies |
| | | Summary |
| | Chapter 4. Safeguarding the Identity and Integrity of XML Messages |
| | | Introduction to and Motivation for XML Signature |
| | | XML Signature Fundamentals |
| | | XML Signature Structure |
| | | XML Signature Processing |
| | | The XML Signature Elements |
| | | Security Strategies for XML Signature |
| | | Summary |
| | Chapter 5. Ensuring Confidentiality of XML Messages |
| | | Introduction to and Motivation for XML Encryption |
| | | XML Encryption Fundamentals |
| | | XML Encryption Structure |
| | | XML Encryption Processing |
| | | Using XML Encryption and XML Signature Together |
| | | Summary |
| | Chapter 6. Portable Identity, Authentication, and Authorization |
| | | Introduction to and Motivation for SAML |
| | | How SAML Works |
| | | Using SAML with WS-Security |
| | | Applying SAML: Project Liberty |
| | | Summary |
| | Chapter 7. Building Security into SOAP |
| | | Introduction to and Motivation for WS-Security |
| | | Extending SOAP with Security |
| | | Security Tokens in WS-Security |
| | | Providing Confidentiality: XML Encryption in WS-Security |
| | | Providing Integrity: XML Signature in WS-Security |
| | | Message Time Stamps |
| | | Summary |
| | Chapter 8. Communicating Security Policy |
| | | WS-Policy |
| | | The WS-Policy Framework |
| | | WS-SecurityPolicy |
| | | Summary |
| | Chapter 9. Trust, Access Control, and Rights for Web Services |
| | | The WS-* Family of Security Specifications |
| | | XML Key Management Specification (XKMS) |
| | | eXtensible Access Control Markup Language (XACML) Specification |
| | | eXtensible Rights Markup Language (XrML) Management Specification |
| | | Summary |
| | Chapter 10. Building a Secure Web Service Using BEA's WebLogic Workshop |
| | | Security Layer Walkthrough |
| | | WebLogic Workshop Web Service Walkthrough |
| | | Summary |
| | Appendix A. Security, Cryptography, and Protocol Background Material |
| | | The SSL Protocol |
| | | Testing for Primality |
| | | RSA Cryptography |
| | | DSA Digital Signature Algorithms |
| | | Block Cipher Processing |
| | | DES Encryption Algorithm |
| | | AES Encryption Algorithm |
| | | Hashing Details and Requirements |
| | | SHA1 |
| | | Silvio Micali's Fast Validation/Revocation |
| | | Canonicalization of Messages for Digital Signature Manifests |
| | | Base-64 Encoding |
| | | PGP |
| | Glossary |
| | Index |