Today web services are attracting many businesses to incorporate the technology, and soon many applications will be seen using it. Web services offer certain benefits over other technologies, one of them being integration, making them suitable for e-business. They are faster and cheaper to develop, easier to deploy and discover, and offer more flexibility and interoperability. However, these advantages come with some security risks, which are the primary concern for most managers today. The security architecture designed for the Web is limited when used for the web services architecture, and the need for new standards has been recognized. Solutions to these problems are emerging, and standards are being created so that the Internet world can quickly adapt to the new security architecture.
These emerging security standards, which promise to solve most of the security threats, are the primary focus of this book. It pinpoints the security loopholes in the current system with web services in mind. Use cases stating the problem area, along with the various available techniques, standards, and toolkits, are discussed to help developers understand, develop, and deploy a secured web service.
What's Covered in this Book?
This book is split into three parts:
- Concepts - The Concepts section is a general introduction to what web services are all about, the business motivators that drive them, and the need for security in them.
- Principles - The Principles section is the crux of this book. It brings out the concepts involved in security, the evolution of web service specific security standards, and a detailed discussion of each.
- Applications - Finally, in the Applications section, we deal with two case studies, typically one each for J2EE and .NET.
Who is this Book For?
This book is for web services developers who have a good understanding of the web services architecture; those who have worked on developing and possibly deploying web services on any platform available. Readers from J2EE or .NET platforms will get more benefit, as this book gives a practical case study on each of these platforms. Those who are not familiar with these platforms can still benefit from learning the architecture and principles of security in web services.
It is for readers who are seeking real-world, practical information on how to make their web services fully secure. It is also useful for security analysts who are responsible for system integrity.
Summary of Contents
- Chapter 1: Web Services
- Chapter 2: Security
- Chapter 3: Authentication Mechanisms
- Chapter 4: PKI
- Chapter 5: SSL
- Chapter 6: XML Signature
- Chapter 7: XML Encryption
- Chapter 8: XKMS
- Chapter 9: SAML
- Chapter 10: XACML
- Chapter 11: WS-Security
- Chapter 12: P3P
- Chapter 13: J2EE Web Services: Case Study
- Chapter 14: .NET Web Services: Case Study
- Appendix A: Toolkits
- Appendix B: Tomcat/Axis Installation
- Appendix C: Tomcat SSL Configuration