Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption
May 1, 2010 by BPELforum · 5 Comments
Product Description
You know how to build Web service applications using XML, SOAP, and WSDL, but can you ensure that those applications are secure? Standards development groups such as OASIS and W3C have released several specifications designed to provide security – but how do you combine them in working applications?
“Securing Web Services with WS-Security” will help you take your Web services securely to production, with insight into the latest security standards including
- WS-Security, a model that defines how to put security specifications into practice
- XML Encryption to ensure confidentiality
- XML Signature to ensure data integrity
- Security Assertion Markup Language (SAML) to authenticate and authorize users
- WS-Policy to set policies across trust domains
Jothy Rosenberg and David Remy, both business, technology, and security visionaries, demystify these standards with practical examples, including a fully developed case study application showing these tools at work. They take a pragmatic approach, showing which Web Services Security standards are needed when faced with a variety of security challenges. The authors understand that security remains one of the largest impediments to deploying major Web services in business-critical situations. The goal of this book is to begin to remove those impediments by providing a detailed understanding of all the available security technologies and how and when to employ them.
From one of the authors: we have available some material on how to build secure .NET Web services. Some readers of the book may find this helpful in their efforts to build secure Web services on the .NET platform.
(…)
Rating: 5 / 5
This book hits the nail on the head. There are a ton of prospective Web Service and security standards floating around. These authors focus on just the ones that matter. XACML, WS-TrustedConversation, etc. etc. may have an impact later on. But today, it is WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption that are the ones that count.
Rating: 5 / 5
This book makes web service security and ws-security easy to understand. It includes diagrams that make complicated processes easy to understand.
It also includes samples and screen shots on securing web services using WebLogic Workshop. These step-by-step demos make ws-security appear so simple.
Rating: 5 / 5
Perfect book for the novice as well as the person that thinks they know it all, but just wants to be sure. With the emergence of Web Services and the security concerns surrounding them, it's nice to get a strong grasp on the different components that must be considered. This book does a very nice job at outlining the differences and helps anyone understand the critical need for understanding all aspects of securing Web Services. When put in perspective like this, it makes you realize that implementation is not so hard as long as you know what to implement.
Rating: 5 / 5
This book is perfect for those interested in knowing the fundamentals of XML Security and the security standards landscape for Web services. Instead of searching around the web, you may find the book to be a one-stop reference for understanding WS-Security. From a developer standpoint, you may find this book to be of only a little help. You may need to look for a hands-on security book like ‘Core Security Patterns’ for learning how to implement these ever-evolving standards.
Rating: 3 / 5