Security for Service Oriented Architectures


Overview

Although integrating security into the design of applications has proven to deliver resilient products, there are few books available that provide guidance on how to incorporate security into the design of an application. Filling this need, Security for Service Oriented Architectures examines both application and security architectures and illustrates the relationship between the two.

Supplying authoritative guidance on how to design distributed and resilient applications, the book provides an overview of the various standards that service oriented and distributed applications leverage, including SOAP, HTML 5, SAML, XML Encryption, XML Signature, WS-Security, and WS-SecureConversation. It examines emerging issues of privacy and discusses how to design applications within a secure context, giving you the understanding of these technologies needed to make intelligent decisions about their design.

This complete guide to security for web services and SOA considers the malicious user story: the abuses of and attacks against applications that show how design flaws and oversights have subverted the goal of providing resilient business functionality. It reviews recent research on access control for simple and conversation-based web services, advanced digital identity management techniques, and access control for web-based workflows.

Filled with illustrative examples and analyses of critical issues, this book gives both security and software architects a bridge between software and service-oriented architectures on one side and security architectures on the other, so that software architectures can be developed that leverage security architectures.

It is also a reliable source of reference on Web services standards. Coverage includes the four types of architectures, implementing and securing SOA, Web 2.0, other SOA platforms, auditing SOAs, and defending and detecting attacks.


Product Details

  • ISBN-13: 9781466584020
  • Publisher: Taylor & Francis
  • Publication date: 5/1/2014
  • Pages: 341
  • Product dimensions: 6.10 (w) x 9.00 (h) x 0.90 (d)

Meet the Author

Walt Williams, CISSP®, SSCP®, CEH, CPT has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group, and EMC. He has since moved to security management, where he now manages security at Lattice Engines. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides on risk management as the cornerstone of a security architecture.

Mr. Williams' articles on security and service oriented architecture have appeared in the Information Security Management Handbook. He sits on the board of directors for the New England ISSA chapter and is a member of the program committee for Metricon. He has a master’s degree in anthropology from Hunter College.


Table of Contents

1 Introduction

2 Four Kinds of Architectures
2.1 Architecture
2.2 Infrastructure
2.3 Software Architectures
2.3.1 Key Principles
2.3.2 Presentation Layer
2.3.3 Business Layer
2.3.4 Data Layer
2.3.5 Workflow
2.3.6 Communications and Messaging
2.3.7 Service Layer
2.4 Service-Oriented Architecture
2.4.1 Distributed Computing and Services
2.4.2 Process-Oriented SOA
2.4.3 Web Services or an Externally Focused SOA
2.4.4 Enterprise Service Bus
2.5 Security Architecture
2.5.1 Construction of a Security Architecture
2.5.2 Risk Management
2.5.3 Organization and Management
2.5.4 Third Parties
2.5.5 Asset Management
2.5.6 Information Classification
2.5.7 Identity Management
2.5.8 Security Awareness and Training
2.5.9 Physical Security
2.5.10 Communications and Operations Management
2.5.11 Perimeters and Partitioning
2.5.12 Access Control
2.5.13 Authentication
2.5.14 Authorization
2.5.15 Separation of Duties
2.5.16 Principles of Least Privilege and Least Authority
2.5.17 Systems Acquisition, Development, and Maintenance
2.5.18 Confidentiality Models
2.5.18.1 Lattice Models
2.5.19 Nonrepudiation
2.5.20 Integrity Models
2.5.21 Service Clark–Wilson Integrity Model
2.5.22 Security Assessments and Audits
2.5.23 Incident Management
2.5.24 Business Continuity
2.5.25 Compliance
2.6 Data Architectures

3 Implementing and Securing SOA
3.1 Web Services
3.2 Extensible Markup Language
3.2.1 Signing XML
3.2.1.1 XML Digital Signature
3.2.2 XML Encryption
3.2.3 Key Management
3.2.3.1 Key Information
3.2.3.2 Location
3.2.3.3 Validation
3.2.3.4 Binding
3.2.3.5 Key Registration
3.2.4 XML and Databases
3.2.4.1 A Database Query Language for XML
3.2.4.2 XML Databases
3.2.5 UDDI
3.2.6 WSDL
3.3 SOAP
3.3.1 SOAP Roles and Nodes
3.3.2 SOAP Header Blocks
3.3.3 SOAP Fault
3.3.4 SOAP Data Model
3.3.5 SOAP Encoding
3.3.6 Bindings
3.3.7 Documents and RPC
3.3.8 Messaging
3.4 WS-Security
3.4.1 WS-Trust
3.4.2 WS-Policy
3.4.3 WS-SecureConversation
3.4.4 WS-Privacy and the P3P Framework
3.4.4.1 Policies
3.4.5 WS-Federation
3.4.5.1 Pseudonyms
3.4.5.2 Authorization
3.4.6 Authorization without WS-Federation
3.4.7 WS-Addressing
3.4.8 WS-ReliableMessaging
3.4.9 WS-Coordination
3.4.10 WS-Transaction
3.5 SAML
3.5.1 Assertions
3.5.2 Protocol
3.5.2.1 Assertion Query and Request Protocol
3.5.2.2 Authentication Request Protocol
3.5.2.3 Artifact Resolution Protocol
3.5.2.4 Name Identifier Management Protocol
3.5.2.5 Single-Logout Protocol
3.5.2.6 Name Identifier Mapping Protocol
3.5.3 Authentication Context
3.5.4 Bindings
3.5.5 Profiles
3.5.6 Metadata
3.5.7 Versions
3.5.8 Security and Privacy Considerations
3.6 Kerberos
3.7 x509v3 Certificates
3.8 OpenID

4 Web 2.0
4.1 HTTP
4.2 REST
4.3 WebSockets

5 Other SOA Platforms
5.1 DCOM
5.2 CORBA
5.3 DDS
5.4 WCF
5.5 .Net Passport, Windows LiveID
5.6 WS-BPEL

6 Auditing Service-Oriented Architectures
6.1 Penetration Testing
6.1.1 Reconnaissance
6.1.2 Injection Attacks
6.1.3 Attacking Authentication
6.1.4 Attacking Authorization
6.1.5 Denial-of-Service Attacks
6.1.6 Data Integrity
6.1.7 Malicious Use of Service or Logic Attacks
6.1.8 Poisoning XML Schemas

7 Defending and Detecting Attacks
7.1 SSL/TLS
7.2 Firewalls, IDS, and IPS

8 Architecture
8.1 Example 1
8.2 Example 2
8.3 Example 3
8.4 Example 4

Bibliography

Index
