Did you know you can trade in your old books for an Amazon.co.uk Gift Card to spend on the things you want? Plus, get an extra £5 Gift Certificate when you trade in books worth £10 or more before June 30, 2012. Visit the Books Trade-In Store for more details. |
Frequently Bought Together
Product details
|
More About the Author
Product Description
Product Description
Explains how to implement secure Web services and includes coverage of trust, confidentiality, cryptography, authentication, authorization, Kerberos, and more.
From the Back Cover
Your definitive Web Services security resource
Minimize security risks in your system by successfully rolling out secure Web Services with help from this exceptional guide. Web Services Security covers everything network security professionals need to know, including details on Web Services architecture, SOAP, UDDI, WSDL, XML Signature, XML Encryption, SAML, XACML, XKMS, and more. You'll also get implementation techniques as well as case studies featuring global service-provision initiatives such as the Liberty Alliance Project. Practical, comprehensive, and up-to-date, this is a must-have reference for every administrator interested in conquering real-life security challenges through the effective use of Web Services.
- Learn the high-level principles of security and how they apply to Web Services
- Deploy Web Services technology following practical and clear examples
- Use XKMS for validation and accountability
- Ensure data integrity by using XML Signature and XML Encryption with SOAP
- Use SAML and XACML for authentication and authorization
- Learn the major components of the evolving ebXML standard
- Gain valuable insight into the legal aspects of Web Services security--including digital signature laws, privacy issues, and application-to-application transactions
Inside This Book
(Learn More)
First Sentence
It is a significant gesture when the entire computer industry agrees on a new technology. Read the first page
Front Cover | Copyright | Table of Contents | Excerpt | Index
It is a significant gesture when the entire computer industry agrees on a new technology. Read the first page
Explore More
Concordance
Browse Sample PagesConcordance
Front Cover | Copyright | Table of Contents | Excerpt | Index
Tag this product(What's this?)Think of a tag as a keyword or label you consider is strongly related to this product.
Tags will help all customers organise and find favourite items. |
Sell a Digital Version of This Book in the Kindle Store
If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store.
Learn more
What Other Items Do Customers Buy After Viewing This Item?
Customer Reviews
There are no customer reviews yet on Amazon.co.uk.
5 star
4 star
3 star
2 star
1 star
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:
8 reviews
17 of 19 people found the following review helpful
Good concepts coverage - But no example proof
8 Mar 2003
Format:Paperback
With 2 book on our Web services library shelves, this book adds in as the best for getting introduction to Web services security specifications and popular implementations. If you are little lazy to read the specs from web sites, this book is an ideal choice to get an introduction to them. But again, this book is a bundle of content reproducing the specs of XML Security efforts at W3C, OASIS, WS-Security (IBM & Microsoft), Sun's Liberty, Microsoft Passport. Interestingly this book also contains some obsolete versions of Security specs (So be careful, before you assume things).
If your are an Architect seeking a practical implementation solution or a case study to practice in your architecture, this book DOES NOT add value at ALL. As I said, this book lacks practical implementation scenarios especially examples using real world security implementations like Passport, SunONE, EnTrust, Netegrity TransactionMinder etc. So think about it.
If you are newbie wants to get ideas about Web services security then this BOOK IS THE BEST at this time ! But always lookout for latest book so that you don't get buried with obsolete specifications.
9 of 9 people found the following review helpful
The Best Book on Web Services Security
31 May 2003
Format:Paperback
This is *the* book to date on the topic. I particularly like the blend of strategy and practice that Mark and the others have achieved. They've managed to get straight to the point: The best way to secure web services today is through XML Signature, XML Encryption, SAML, and WS-Security, and this book explains how those technologies work.
Unlike another reviewer, I found this book to be a far better way to learn than the specifications or the online white papers. True, it doesn't get into vendor-specific implementation details, but I expect the vendors to provide that info.
12 of 13 people found the following review helpful
Solid intro to Web Services and its security requirements
16 Feb 2003
Format:Paperback
Before reading "Web Services Security" (WSS), my knowledge of Web Services relied on a few magazine articles and chapter 10 of "Hacking Exposed: Web Applications." After reading WSS, I have a better idea of how Web Services work and how a variety of acronyms (XACML, XKMS, SAML, etc.) provide security. This 312 page book isn't lengthy enough to make you a Web Services security expert, but it provides a good foundation for consultants and other professionals.
Good security books do more than teach ways to attack and defend various technologies. They assume the reader isn't an expert in the technology or concept, and provide background prior to explaining weapons and tactics to exploit vulnerabilities. WSS meets this challenge by educating readers on the purpose, history, and future of Web Services. The authors take nothing for granted, explaining why transport-level encryption via SSL is insufficient for Web Services. WSS emphasizes key security concepts like "persistence" and separating policy enforcement from decision-making. I also appreciated the authors' willingness to share key insights, like the argument that "like XKMS, XACML is more about applying XML to security, rather than about applying security to XML." (p. 120). This demonstrated knowledge of applying security to a wider range of subjects than just Web Services.
On the down side, I found the SAML section (ch. 6) confusing. The writing style implied another author contributed this material, and the chapter's "checklist" was a list of questions -- not the summaries found elsewhere. I didn't find the legal section (ch. 14) particularly clear, either, despite the hype it received on the back cover.
Overall, WSS is probably the best Web Services security guide currently available. It meets the market need for an introduction to the subject, and covers material neglected elsewhere, like the Liberty Alliance Project (ch. 11). Those with questions on Web Services security would do well to start looking for answers here!
Good security books do more than teach ways to attack and defend various technologies. They assume the reader isn't an expert in the technology or concept, and provide background prior to explaining weapons and tactics to exploit vulnerabilities. WSS meets this challenge by educating readers on the purpose, history, and future of Web Services. The authors take nothing for granted, explaining why transport-level encryption via SSL is insufficient for Web Services. WSS emphasizes key security concepts like "persistence" and separating policy enforcement from decision-making. I also appreciated the authors' willingness to share key insights, like the argument that "like XKMS, XACML is more about applying XML to security, rather than about applying security to XML." (p. 120). This demonstrated knowledge of applying security to a wider range of subjects than just Web Services.
On the down side, I found the SAML section (ch. 6) confusing. The writing style implied another author contributed this material, and the chapter's "checklist" was a list of questions -- not the summaries found elsewhere. I didn't find the legal section (ch. 14) particularly clear, either, despite the hype it received on the back cover.
Overall, WSS is probably the best Web Services security guide currently available. It meets the market need for an introduction to the subject, and covers material neglected elsewhere, like the Liberty Alliance Project (ch. 11). Those with questions on Web Services security would do well to start looking for answers here!
Were these reviews helpful?
Let us know
Listmania!
Look for similar items by category
- Books > Computing & Internet > Digital Lifestyle > Online Shopping > Amazon
- Books > Computing & Internet > Networking & Security > Network Topics
- Books > Computing & Internet > Networking & Security > Security > Network Security
- Books > Computing & Internet > Networking & Security > Security > Programming > Web Services
- Books > Computing & Internet > Networking & Security > Security > Web Security
- Books > Computing & Internet > Programming > Languages > XML > Web Services
- Books > Computing & Internet > Software & Graphics
Look for similar items by subject
Feedback
- Would you like to update product info or give feedback on images?
- I am the Author, and I want to comment on my book.
- I am the Publisher, and I want to comment on this book.
|
