[...]... How NET Works NET Security J2EE How EJB Works Roles and Responsibilities of CSS, TSS, and Secure Channel Implementation of Security functions Administration Enforcing Fine-Grained Security 15 7 15 8 15 8 16 0 16 1 16 3 16 4 17 4 17 5 17 6 17 7 17 9 18 2 18 6 18 7 18 8 18 8 19 2 19 3 19 5 19 6 19 7 19 9 203 207 208 210 212 213 216 Summary Chapter 8 217 Securing NET Web Services IIS Security Mechanisms 219 219 Authentication... Needed Security Problems Solved by SAML A First Detailed Look at SAML SAML Assertions Common Portion of an Assertion Statements SAML Protocols SAML Request/Response SAML Request SAML Response Bindings Profiles Shibboleth Privacy Federation Single Sign-on The Trust Relationship 99 10 0 10 0 10 1 10 4 10 5 10 5 10 7 10 9 10 9 11 2 11 6 11 7 11 7 12 1 12 2 12 2 12 7 12 8 12 9 12 9 13 0 Related Standards 13 0 XACML WS -Security 13 0... Information Security: A Proven Concern Securing Web Services Web Services Security Requirements Providing Security for Web Services Unifying Web Services Security EASI Requirements EASI Solutions EASI Framework EASI Benefits Example of a Secure Web Services Architecture Business Scenario Scenario Security Requirements Summary 1 2 3 3 4 5 5 6 7 8 9 10 12 13 14 15 18 19 19 22 23 xi xii Contents Chapter 2 Web Services. .. Requirements Options for Authorization in Web Services System Characteristics eBusiness Authorization Summary 13 5 13 7 14 1 14 3 14 5 14 5 14 6 14 7 15 0 15 0 15 0 15 3 15 4 15 5 15 6 xiii xiv Contents Chapter 7 Security of Infrastructures for Web Services Distributed Security Fundamentals Security and the Client/Server Paradigm Security and the Object Paradigm What All Middleware Security Is About Roles and Responsibilities... the future of web services security. ” Ron Monzillo Sun Microsystems Contents Acknowledgments v Foreword vii Introduction xix Chapter 1 Overview of Web Services Security Web Services Overview Characteristics of Web Services Web Services Architecture Security as an Enabler for Web Services Applications Information Security Goals: Enable Use, Bar Intrusion Web Services Solutions Create New Security Responsibilities... EASI Framework Solve? Web Services Support for EASI Making Third-Party Security Products Work Together Federation Liberty Alliance The Internet versus Intranets and Extranets Summary Chapter 11 Administrative Considerations for Web Services Security Introducing Security Administration The Security Administration Problem What about Web Services? 307 308 310 310 311 317 318 318 319 320 322 322 325 325... Tools Available for Web Services Sun FORTE and JWSDP IBM WebSphere and Web Services Toolkit Systinet WASP The Java Web Services Examples Example Using WASP Example Using JWSDP Summary Chapter 10 Interoperability of Web Services Security Technologies The Security Interoperability Problem Between Security Tiers Layered Security Perimeter Security Mid-Tier Back-Office Tier Interoperable Security Technologies... Fault Isolation 220 2 21 222 222 224 Creating Web Services with Microsoft Technologies Creating Web Services out of COM+ Components Creating Web Services out of COM Components Using SOAP Toolkit Creating Web Services with NET Remoting Creating Web Services Using ASP.NET Implementing Access to eBusiness with ASP.NET Web Services 224 225 226 228 229 233 Contents ASP.NET Web Services Security Authentication... How Rich Does Security Policy Need to Be? 328 329 3 41 343 343 344 Administering Data Protection Making Web Services Development and Security Administration Play Well Together Summary 345 346 347 Chapter 12 Planning and Building a Secure Web Services Architecture Web Services Security: The Challenges 349 350 Security Must Be In Place What’s So Tough About Security for Web Services? What Is Security? Building... Related Standards 13 0 XACML WS -Security 13 0 13 0 Summary Chapter 6 13 1 Principles of Securing Web Services Web Services Example Authentication 13 3 13 3 13 5 Authentication Requirements Options for Authentication in Web Services System Characteristics Authentication for ePortal and eBusiness Data Protection Data Protection Requirements Options for Data Protection in Web Services System Characteristics eBusiness . for Mastering Web Services Security Acknowledgments v Foreword vii Introduction xix Chapter 1 Overview of Web Services Security 1 Web Services Overview 2 Characteristics of Web Services 3 Web Services. 6 Information Security: A Proven Concern 7 Securing Web Services 8 Web Services Security Requirements 9 Providing Security for Web Services 10 Unifying Web Services Security 12 EASI Requirements 13 EASI. at SAML 10 7 SAML Assertions 10 9 Common Portion of an Assertion 10 9 Statements 11 2 SAML Protocols 11 6 SAML Request/Response 11 7 SAML Request 11 7 SAML Response 12 1 Bindings 12 2 Profiles 12 2 Shibboleth