Security for Service Oriented Architectures

  • 5h 45m
  • Walter Williams
  • CRC Press
  • 2014

Although integrating security into the design of applications has proven to deliver resilient products, there are few books available that provide guidance on how to incorporate security into the design of an application. Filling this need, Security for Service Oriented Architectures examines both application and security architectures and illustrates the relationship between the two.

Supplying authoritative guidance on how to design distributed and resilient applications, the book provides an overview of the various standards that service oriented and distributed applications leverage, including SOAP, HTML 5, SAML, XML Encryption, XML Signature, WS-Security, and WS-SecureConversation. It examines emerging issues of privacy and discusses how to design applications within a secure context to facilitate the understanding of these technologies you need to make intelligent decisions regarding their design.

This complete guide to security for web services and SOA considers the malicious user story of the abuses and attacks against applications as examples of how design flaws and oversights have subverted the goals of providing resilient business functionality. It reviews recent research on access control for simple and conversation-based web services, advanced digital identity management techniques, and access control for web-based workflows.

Filled with illustrative examples and analyses of critical issues, this book provides both security and software architects with a bridge between software and service-oriented architectures and security architectures, with the goal of providing a means to develop software architectures that leverage security architectures.

It is also a reliable source of reference on Web services standards. Coverage includes the four types of architectures, implementing and securing SOA, Web 2.0, other SOA platforms, auditing SOAs, and defending and detecting attacks.

About the Author

Walt Williams, CISSP®, SSCP®, CEH, CPT has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group, and EMC. He has since moved to security management, where he now manages security at Lattice Engines. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides on risk management as the cornerstone of a security architecture.

Mr. Williams' articles on security and service oriented architecture have appeared in the Information Security Management Handbook. He sits on the board of directors for the New England ISSA chapter and is a member of the program committee for Metricon. He has a master’s degree in anthropology from Hunter College.

In this Book

  • Introduction
  • Four Kinds of Architectures
  • Implementing and Securing SOA
  • Web 2.0
  • Other SOA Platforms
  • Auditing Service-Oriented Architectures
  • Defending and Detecting Attacks
  • Architecture

YOU MIGHT ALSO LIKE

Rating 4.8 of 6 users Rating 4.8 of 6 users (6)
Rating 4.3 of 18 users Rating 4.3 of 18 users (18)
Rating 4.6 of 5 users Rating 4.6 of 5 users (5)