- Paperback: 464 pages
- Publisher: John Wiley & Sons (30 Jan 2003)
- Language English
- ISBN-10: 0471267163
- ISBN-13: 978-0471267164
- Product Dimensions: 23.8 x 18.8 x 2.6 cm
-
Amazon Bestsellers Rank:
1,912,156 in Books (See Top 100 in Books)
- #15 in Books > Computers & Internet > Computer Science > Networking & Security > Security > Programming > Web Services
- #60 in Books > Computers & Internet > Computer Science > Networking & Security > Security > Web Security
- #83 in Books > Computers & Internet > Computer Science > Programming > Languages > XML > Web Services
- See Complete Table of Contents
| ||||||||||||
Did you know you can trade in your old books for an Amazon.co.uk Gift Card to spend on the things you want? Visit the Amazon.co.uk Trade-In Store for more details. |
Product details |
Product Description
Product Description
- Uncovers the steps software architects and developers will need to take in order to plan and build a real–world, secure Web services system
- Authors are leading security experts involved in developing the standards for XML and Web services security
- Focuses on XML–based security and presents code examples based on popular EJB and .NET application servers
- Explains how to handle difficult–to–solve problems such as passing user credentials and controlling delegation of those credentials across multiple applications
- Companion Web site includes the source code from the book as well as additional examples and product information
From the Back Cover
Quickly learn how to build a secure Web services system using available programming tools, models, and specifications
Web services promise to simplify business programming and to improve interoperability, but they won′t deliver on these promises without effective security. Written by the leading security experts in the field, this innovative book clearly shows how to build a real–world, secure Web services system. Using theory, examples, and practical advice, the authors examine each of the security technologies used for providing secure Web services, emphasizing how security works with XML and SOAP. And with the help of two case studies, you′ll also learn how to effectively plan and deploy a secure Web services system for both J2EE and .NET.
This book will show you how to build a secure Web services system today and anticipate the security systems of tomorrow. The authors:
∗ Discuss the measures that can be used to secure XML and SOAP messages
∗ Demonstrate ways to analyze and address Web services security needs
∗ Describe WS–Security and SAML, new security specifications that are directed at securing user data and credentials using XML
∗ Cover the different ways to create a secure .NET Web service
∗ Explain how to secure Web services when the target Web service is a J2EE application server
The companion Web site contains
∗ The complete source code from the book
∗ Additional examples and product information
Web services promise to simplify business programming and to improve interoperability, but they won′t deliver on these promises without effective security. Written by the leading security experts in the field, this innovative book clearly shows how to build a real–world, secure Web services system. Using theory, examples, and practical advice, the authors examine each of the security technologies used for providing secure Web services, emphasizing how security works with XML and SOAP. And with the help of two case studies, you′ll also learn how to effectively plan and deploy a secure Web services system for both J2EE and .NET.
This book will show you how to build a secure Web services system today and anticipate the security systems of tomorrow. The authors:
∗ Discuss the measures that can be used to secure XML and SOAP messages
∗ Demonstrate ways to analyze and address Web services security needs
∗ Describe WS–Security and SAML, new security specifications that are directed at securing user data and credentials using XML
∗ Cover the different ways to create a secure .NET Web service
∗ Explain how to secure Web services when the target Web service is a J2EE application server
The companion Web site contains
∗ The complete source code from the book
∗ Additional examples and product information
Inside This Book
(Learn More)
First Sentence
In today's global marketplace, the Internet is no longer just about email and Web sites. Read the first page
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
In today's global marketplace, the Internet is no longer just about email and Web sites. Read the first page
Explore More
Concordance
Browse Sample PagesConcordance
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Tag this product(What's this?)Think of a tag as a keyword or label you consider is strongly related to this product.
Tags will help all customers organise and find favourite items. |
Sell a Digital Version of This Book in the Kindle Store
If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store.
Learn more
Customer Reviews
|
There are no customer reviews yet on Amazon U.K.
|
||||||||||||||||||||
|
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:
3.4 out of 5 stars (5 customer reviews)
6 of 6 people found the following review helpful:
3.0 out of 5 stars
An EASI read, with some gaps, 27 Jan 2003
By A Customer - Published on Amazon.com
This review is from: Mastering Web Services Security (Paperback)
This was the first Web services security book which I've read. Overall my impression on this book is pretty positive. Here are my thoughts on this book:- The writing and examples are clear. The glossary is a nice touch. The book avoids spending much time on a "101 of Web services" section, and that's probably a good thing, since plenty of books cover that already. Plus, anyone who buys this book will know the basics of Web services already.
- Much of the book focuses on applying the Quadrasis "EASI" security framework to Web services, unsurprisingly I guess since the four authors all work for Quadrasis. Some of the code examples require an instance of the EASI framework to work, which is limiting to people who are not using Quadrasis software (I don't think there is anyone else with product which implements the EASI framework). For examples of authentication and authorization in Java, i'd prefer to have seen JAAS used. I think the book would have been more accurately named "Mastering Web Services Security using the EASI Framework".
- Any book on Web services security right now is going to be a picture of a moment in time, because of the evolving standards in this area, e.g. information about timestamps and nonces in WS-Security isn't included, so probably the book was written before the WS-Security Addendum was released. Ditto WS-SecureConversation, WS-Policy, and WS-Trust - most likely published after this book was written. I'd like to have seen this information, plus concrete information about SAML assertions in SOAP messages, in the book.
- XKMS is missing from the book. This was a big surprise, since like most people, I'd see XKMS as a fundamental Web services security technology. Also, XACML only gets a half a page.
- The sections on the IIS web server are very strong.
- Netegrity SiteMinder is covered, but Netegrity TransactionMinder is not. This was a surprise.
So overall, this book is strong on the EASI framework, and is well written. If you think you're likely to use EASI for your Web services security, I'd definitely recommend it.
6 of 7 people found the following review helpful:
3.0 out of 5 stars
Good Basics - Not a 'Mastering' Security book, 30 Jan 2003
By Prasad Reddy "Prasad" - Published on Amazon.com
This review is from: Mastering Web Services Security (Paperback)
If you are looking to compare this book with "Mastering EJB" by Ed Roman then you are making a big mistake! This books is very focussed on Quadrasis EASI implementation ( I never heard off).(+) Good high level book for concepts.
(+) This book covers well all emerging Web services security specs including WS-Security, SAML, .NET Security etc.
(-) Only address Proprietory technologies from Netegrity and Quadrasis (Quite upsetting).
(-) Not enough examples to cover all the security specs.
(-) No discussion on implementing Liberty and Passport technologies.
3 of 4 people found the following review helpful:
4.0 out of 5 stars
good for developers of complex secure WS applications, 20 April 2003
By "ktoto984" - Published on Amazon.com
This review is from: Mastering Web Services Security (Paperback)
The book does a great job explaining how to build non-trivial WS systems that are secure from end to end. Instead of limiting the material to descriptions of SOAP-related technologies and their security (this is what the other books I've read on WS security do), the authors first explain how to secure quickly a simple homogenous (M$-based) WS application, then point out the problems with such a simple-minded approach, and then devote the rest of the book to the question of securing complex heterogeneous WS applications by putting all necessary pieces together. The first part also has a good introduction into the building blocks for WS security solutions, including not only SOAP and XML security, but also security of the underlying middleware technologies. Here, they could do a better job on going into more details about WS-Security spec and its friends. In the second part, they show how to use those building blocks together. Again, chapters on security of Java-based WS and the security interoperability lack a good structure and some times are just confusing.
From reading the book, it became clear to me that WS security is yet another instance of the old problem of enterprise security integration, although with a SOAP twist. Therefore, many methods from middleware security can be used for securing WS applications. I would recommend reading this book only to those who build complex heterogeneous WS applications.
Listmania!
Look for similar items by category
- Books > Computing & Internet > Digital Lifestyle > Online Shopping > Amazon
- Books > Computing & Internet > Networking & Security > Network Topics
- Books > Computing & Internet > Networking & Security > Security > Cryptography & Encryption
- Books > Computing & Internet > Networking & Security > Security > Network Security
- Books > Computing & Internet > Networking & Security > Security > Programming > Web Services
- Books > Computing & Internet > Networking & Security > Security > Web Security
- Books > Computing & Internet > Programming > Languages & Tools
- Books > Computing & Internet > Programming > Languages > XML > Web Services
- Books > Computing & Internet > Software & Graphics
Look for similar items by subject
Feedback
- Would you like to update product info or give feedback on images?
- I am the Author, and I want to comment on my book.
- I am the Publisher, and I want to comment on this book.
|
