[...]... the future of web services security. ” Ron Monzillo Sun Microsystems Contents Acknowledgments v Foreword vii Introduction xix Chapter 1 Overview of Web Services Security Web Services Overview Characteristics of Web Services Web Services Architecture Security as an Enabler for Web Services Applications Information Security Goals: Enable Use, Bar Intrusion Web Services Solutions Create New Security Responsibilities... Information Security: A Proven Concern Securing Web Services Web Services Security Requirements Providing Security for Web Services Unifying Web Services Security EASI Requirements EASI Solutions EASI Framework EASI Benefits Example of a Secure Web Services Architecture Business Scenario Scenario Security Requirements Summary 1 2 3 3 4 5 5 6 7 8 9 10 12 13 14 15 18 19 19 22 23 xi xii Contents Chapter 2 Web Services. .. Isolation 220 221 222 222 224 Creating Web Services with Microsoft Technologies Creating Web Services out of COM+ Components Creating Web Services out of COM Components Using SOAP Toolkit Creating Web Services with NET Remoting Creating Web Services Using ASP.NET Implementing Access to eBusiness with ASP.NET Web Services 224 225 226 228 229 233 Contents ASP.NET Web Services Security Authentication Data Protection... Java Web Services Using Java with Web Services Traditional Java Security Contrasted with Web Services Security 259 260 Authenticating Clients in Java Data Protection Controlling Access How SAML Is Used with Java Assessing an Application Server for Web Service Compatibility JSR Compliance Authentication Authorization Java Tools Available for Web Services Sun FORTE and JWSDP IBM WebSphere and Web Services. .. How Rich Does Security Policy Need to Be? 328 329 341 343 343 344 Administering Data Protection Making Web Services Development and Security Administration Play Well Together Summary 345 346 347 Chapter 12 Planning and Building a Secure Web Services Architecture Web Services Security: The Challenges 349 350 Security Must Be In Place What’s So Tough About Security for Web Services? What Is Security? Building... Java Web Services Examples Example Using WASP Example Using JWSDP Summary Chapter 10 Interoperability of Web Services Security Technologies The Security Interoperability Problem Between Security Tiers Layered Security Perimeter Security Mid-Tier Back-Office Tier Interoperable Security Technologies Authentication Security Attributes Authorization Maintaining the Security Context Handling Delegation in Web. .. about Web Services security solutions How This Book Is Organized This book is divided into three major sections: ■ ■ Chapters 1–3 provide a basic introduction to Web Services and security issues to get you started For securing very simple Web Services applications, this may be all the information you will need Chapter 3 describes a Web Services application using NET that provides limited Web Services security. .. XML Signature, SAML, and WS -Security Consistent examples that run through the book make it easy to apply the ideas to real systems Important reading for anyone involved in web services. ” Jeremy Epstein Director of Product Security, webMethods Inc “In Mastering Web Services Security the authors provide us with an excellent technical and historical synopsis of the web services security environment and its... the necessity to develop any security code ■ ■ Chapters 4–7 describe the technology building blocks of Web Services security in detail The chapters define the security technologies that support Web Services security, with particular emphasis on how security works with XML These chapters will be of interest to people who want to get a good understanding of Web Services security and supporting infrastructure... Services Security Although the most common way to exchange a Web Service request is via the Web transport Hypertext Transfer Protocol (HTTP), other transport protocols, such as File Transfer Protocol (FTP) or Simple Mail Transfer Protocol (SMTP), can also support Web Services Characteristics of Web Services Web Services expand the Web from a user front end to an application service With Web Services, . for Mastering Web Services Security Acknowledgments v Foreword vii Introduction xix Chapter 1 Overview of Web Services Security 1 Web Services Overview 2 Characteristics of Web Services 3 Web Services. the Key 6 Information Security: A Proven Concern 7 Securing Web Services 8 Web Services Security Requirements 9 Providing Security for Web Services 10 Unifying Web Services Security 12 EASI Requirements. Building a Secure Web Services Architecture 349 Web Services Security: The Challenges 350 Security Must Be In Place 350 What’s So Tough About Security for Web Services? 351 What Is Security? 351 Building