DOCUMENT INFORMATION
Structure
Cover
Table of Contents
Preface
Chapter 1: Introduction to Web Services Security
The Need for Web Services Security
Security Challenges in a Web Services Environment
The Need for Identity Propagation from Calling Application to Web Services
Why HTTPS Based Security Is Not Enough
Components of Web Services Security
Authentication
Authorization
Confidentiality
Integrity
Return on Investment
Summary
Chapter 2: Web Services Security—Architectural Overview
Overview of XML Security Standards
Closer Look at SOAP Messages
Authentication
Confidentiality
Integrity
Overview of WS-Security Standards
Implementing WS-*Security in Applications
Centralized Management of WS-*Security
The Need for Centralizing WS-*Security Operations
Benefits of Centralizing Web Services Security Operations
Introduction to Oracle Web Services Manager
Summary
Chapter 3: Architecture Overview of Oracle WSM
Oracle WSM Architecture
Oracle WSM Policy Manager
Overview of Oracle WSM Policy Manager
Authentication
Authorization
Confidentiality
Integrity and Non-Repudiation
Policy Steps and Pipeline Templates
Relationship Between Policy and Service
Oracle WSM Gateway
Proxy, or Exposing Internal Service to External Business Partner, or Outside of Intranet
Transport Protocol Translation
Content Routing
Summary
Chapter 4: Authentication and Authorization of Web Services Using Oracle WSM
Oracle WSM: Authentication and Authorization
Oracle WSM: File Authenticate and Authorize
Oracle WSM: Active Directory Authenticate and Authorize
Oracle WSM: Policy Template
Oracle WSM: Sample Application AD Authentication
Web Service Security Policy
Registering The Web Service with Oracle WSM
Creating The Security Policy
Commit The Policy
Oracle WSM Test Page as Client Application
Microsoft .NET Client Application
Summary
Chapter 5: Encrypting and Decrypting Messages in Oracle WSM
Overview of Encryption and Decryption
Symmetric Cryptography
Asymmetric Cryptography
Oracle WSM and Encryption
Encryption and Decryption with Oracle WSM
Encryption Algorithm
Key Transport Algorithm
Internal Working of the XML Encrypt Policy Step
Oracle WSM Sample Application Overview
Oracle WSM Encryption and Decryption Policy
Creating the Security Policy
Oracle WSM Test Page as Client Application
Microsoft .NET Client Application
Summary
Chapter 6: Digitally Signing and Verifying Messages in Web Services
Overview of Digital Signatures
Digital Signatures in Web Services
Signature Generation Using Oracle WSM
Sign Message Policy Step
Internals of Sign Message Policy Step
Reference Element
SignedInfo Element
Signature
Signature Generation and Verification Example
Registering Web Service with Oracle WSM
Signature Verification by Oracle WSM
Signature Generation by Oracle WSM
Oracle WSM Test Page as Client Application
Microsoft .NET Client Application
Summary
Chapter 7: Oracle WSM Custom Policy Step
Overview of Oracle WSM Policy Steps
Implementing a Custom Policy Step
Extending the AbstractStep Class
Deploying the Custom Policy Step
Step Template XML File Creation
Custom Policy Step Example: Restrict Access Based on IP Address to the Specified Method
Extending the AbstractStep
Testing the Custom Policy Step
Summary
Chapter 8: Deployment Architecture
Oracle WSM Components
Addressing Oracle WSM Scalability
Addressing High Availability
Installation
Disabling Unnecessary Components
Mapping Component ID on Host1 and Host2
Configuring Oracle WSM Monitor on Host3
Summary
Chapter 9: Oracle WSM Runtime-Monitoring
Oracle WSM Operational Management
Oracle WSM Overall Statistics
Oracle WSM Security Statistics
Oracle WSM Service Statistics
Oracle WSM Custom Views
Oracle WSM Alarms
Summary
Chapter 10: XML Encryption
XML Encryption and Web Services
XML Encryption Schema
EncryptedData
EncryptionMethodType
EncryptionMethodType Schema
CipherData Element
EncryptedKey Element
KeyInfo Element
Summary
Chapter 11: XML Signature
XML Signature and Web Services
XML Signature Schema
Signature Element
SignedInfo Element
Reference Element
Transforms Element
KeyInfo Element
Summary
Chapter 12: Sign and Encrypt
Overview of Sign and Encrypt
Signing and Encrypting Message
Sign and Encrypt by Example
Example Overview
Time Web Service: Decrypt and Verify Signature
Beauty of Oracle WSM Gateway: Sign And Encrypt by Oracle WSM
Service Provider:
Service Consumer:
Sign And Encrypt Policy
Summary
Chapter 13: Enterprise Security—Web Services and SSO
Web Services Security Components
Authentication, Authorization and Credential Stores
Integrating with Web Access Management Solution
Security Token Service: Bridging the GAP between WAM and Oracle WSM
Integrated Security Architecture
Summary
Index
Content
[...]... Preface: Oracle Web Services Manager, a component of SOA Suite from Oracle, is a web services...

systems and provides an overview of Oracle Web Services Manager. Chapter 3 discusses the architecture of Oracle Web Services Manager. In this chapter, we explore the various components of Oracle WSM, such as gateway, agent, policy management, routing, monitoring, etc. Chapter 4 talks in-depth about how to implement authentication and authorization in web services using Oracle WSM. It explains how to...
the challenge is to externalize the security to another application such as Oracle Web Services Manager. In this chapter, we will discuss the need for centralized management of web services, policy definition and policy enforcement, with a quick introduction to Oracle Web Services Manager.

Overview of XML Security Standards

Web services is nothing but a set of XML messages that are exchanged between software...

an introduction to why web services should be secured in an organization and explains the different components of web services security that should be addressed. The next chapter will describe the various standards in web services security, the importance of centralized policy manager, and will also explain the web services security from an architect's point of view. Web Services Security—Architectural...

securing the web services is no different. Implementing web services security does require certain investment, either in terms of buying an off-the-shelf product such as Oracle Web Service Manager, or implementing a custom security framework across all the web services and the clients. In either case, the investment should be justified for the business owners. While calculating the ROI on web services security...

between the web service provider and the web service consumer. The following diagram shows how the web service is given access only to a trusted organization, and the intruder is prevented from accessing the web service.

[Diagram labels: Web user; Web server executing transactions; Web services (internal and external); Web server attaches the client certificate while invoking the web service; Cannot access because of...]
in-depth overview of web services security from a business point of view, describing the security challenges in a web services environment, why traditional network security isn't enough, and how to measure the ROI on web services security. Chapter 2 discusses the architecture of web services security including the various interoperable standards, challenges in implementing web services security in .NET...

Oracle Web Services Manager: Securing Your Web Services. Sitaraman Lakshminarayanan. BIRMINGHAM - MUMBAI. Copyright.