Overview

SOA is one of the latest technologies enterprises are using to tame
their software costs - in development, deployment, and management.
SOA makes integration easy, helping enterprises not only better
utilize their existing investments in applications and
infrastructure, but also open up new business opportunities.
However, one of the big stumbling blocks in executing SOA is
security. This book addresses Security in SOA with detailed
examples illustrating the theory, industry standards and best
practices.

It is true that security is important in any system. SOA brings
in additional security concerns as well, arising out of the very
openness that makes it attractive. If we apply security principles
blindly, we shut ourselves off from the benefits of SOA. Therefore, we
need to understand which security models and techniques are right
for SOA. This book provides such an understanding.

Usually, security is seen as an esoteric topic that is better
left to experts. While it is true that security requires expert
attention, everybody, including software developers, designers,
architects, IT administrators and managers, needs to do tasks that
require a very good understanding of security topics. Fortunately,
traditional security techniques have been around long enough for
people to understand and apply them in practice. This, however, is
not the case with SOA Security.

Anyone seeking to implement SOA Security is today forced to dig
through a maze of inter-dependent specifications and API docs that
assume a lot of prior experience on the part of readers. Getting
started on a project is hence proving to be a huge challenge to
practitioners. This book seeks to change that. It provides a
bottom-up understanding of security techniques appropriate for use
in SOA without assuming any prior familiarity with security topics
on the part of the reader.

Unlike most other books about SOA that merely describe the
standards, this book helps you get started immediately by walking
you through sample code that illustrates how real life problems can
be solved using the techniques and best practices described in
standards. Whereas standards discuss all possible variations of
each security technique, this book focusses on the 20% of
variations that are used 80% of the time. This keeps the material
covered in the book simple as well as self-sufficient for all
readers except the most advanced.

Reader Reviews From Amazon (Ranked by 'Helpfulness')

Average Customer Rating: based on 11 reviews.

Review by Gildas Cuisinier, 2009-03-22
Reviewer rating:
SOA and security, two terms very present and important in the enterprise development.
Due to this and its title, this book sounds very promising. However, the authors reduce immediately the scope of the book in the introduction.
Indeed, the book is not to explain the SOA architecture and concepts, neither all the security notions.
The book is about the intersection of the two subjects and so a minimal knowledge of these is necessary. The book is aimed at an initiated public, but not an expert one.
However, the book is well put together and interesting. It is composed of three parts.
The first is a reminder of the basics of SOA and WebService security: SOAP Header SOAP, WS-Security.
The second part presents the concepts of security: authentication, authorization, encryption, ... This section is particularly interesting. It introduces various practices (user / password, Kerberos, PKI), while describing their advantages and disadvantages.
The last part is a little more complex and deals with real security-oriented service. Again, the different implementations of a security service are shown together with the technologies used for this purpose (SAML, WS-Trust, ...)
At the end of the reading, we have learnt lots of information, however there is still a feeling of weakness on the subject. But once again, it's voluntary. Given the complexity of the issues, only the fundamentals are presented, but many links are provided for those who wish to deepen a specific topic.
In terms of examples, an implementation based on Axis is provided at the end of the chapter. This is probably the only regret I have: Axis is a little old. However, the examples are explicit enough to be easily adapted with any other framework.
This book is more than interesting, even if the title "Introduction to SOA Security" would have been more representative.

Java-based Web Services Security, 2009-01-28
Reviewer rating:
I read the entire book except for one appendix and I thought it did a good job of covering the theory of Web Services security and the details of Java-based implementations. I expect to reference this book in the future when I need to refresh my understanding of particular security standards. Here are the chapter and appendix titles:
1. SOA requires new approaches to security
2. Getting started with web services
3. Extending SOAP for security
4. Claiming and verifying identity with passwords
5. Secure authentication with Kerberos
6. Protecting confidentiality of messages using encryption
7. Using digital signatures
8. Implementing security as a service
9. Codifying security policies
10. Designing SOA security for a real-world enterprise
A. Limitations of Apache Axis
B. WS-SecureConversation
C. Attaching and securing binary data in SOAP
D. Securing SAML assertions
E. Application-Oriented Networking (AON)
I hope to see an updated second edition in the future that covers the following topics: JAX-WS / Metro code examples, SAML 2, JSR-196, and OpenSSO.

This book is named incorrectly., 2008-12-04
Reviewer rating:
Great book for starters.
However it misses the latest Standards in Security such as PKI, SAML, XACML, WS-Federation, WS-Trust and how it pertains to SOA based solution architecture. So much for a book titled "SOA Security". Also it totally ignores to explain how to ensure security at all integration tiers.
Not for security experts, more for people who are starters and do not have time to "Google" either.
Does not do detailed coverage only basic topics related to Web services security around SOAP and WSDL standards with Apache Axis sample APIs (which are out of box and can be googled easily) are discussed. It is a bit difficult to relate the examples to the meat on the book.
Also missing is the information on how to use the abused Apache API examples to compose/build a Secure SOA service base architecture or how to secure BPM workflows, SOA governance, Identity management using federation, entitlement issues with BPM portals,... the list goes on.
This book contains very repetitive content. The only good portion I found was the chapter on XML Web services. The authors should refer to Information Security Management Handbook, Sixth Edition (Isc2 Press) and Core Security Patterns: Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management (Sun Core Series) before the next version comes out.

Mostly Axis examples, 2008-10-30
Reviewer rating:
This book is great for beginners to SOA security. The examples are mostly in Axis from Apache. My background is with a commercial middleware and it took some imagination to translate the examples. Also, commercial security appliances like the Alcatel-Lucent web services gateway were left out completely.
After reading this book, I might think that calling a service for security would suffice. The common thinking today is to abstract the security into a central location run by security experts. Most SOA developers don't have the time or the depth of knowledge about certificates, user-centric policies, or even XML threat management to re-invent common security patterns.
Still the examples are solid and the concepts are important to know.

Good start before securing SOA, 2008-06-13
Reviewer rating:
The main goal of this book (as stated in introduction section) is to give a reader good background knowledge on security in order to facilitate the implementation of security in SOA-based systems. This book is not for security experts, it is more for people who have to deal with security without having previous experience. It helps to answer the questions like how to secure collaborating Web services, what are the common practices.
Nevertheless, the book does not cover all the topics, however, mostly the basic ones. I found this book helpful to understand the fundamental instruments used in SOA security and continued with my own more specific and advanced solutions.

Some information above was provided using data from Amazon.com.
© 2009 Safari Books Online. All rights reserved.