Web Services Security (Application Development) and over 2 million other books are available for Amazon Kindle . Learn more

Sign in to turn on 1-Click ordering.
Trade in Yours
For a £0.25 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Sorry, this item is not available in
Image not available for
Image not available

Start reading Web Services Security (Application Development) on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Web Services Security (Application Development) [Paperback]

Mark O'Neill

Price: £36.99 & FREE Delivery in the UK. Details
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 1 left in stock (more on the way).
Dispatched from and sold by Amazon. Gift-wrap available.
Want it tomorrow, 20 Sep.? Choose Express delivery at checkout. Details


Amazon Price New from Used from
Kindle Edition £34.70  
Paperback £36.99  
Trade In this Item for up to £0.25
Trade in Web Services Security (Application Development) for an Amazon Gift Card of up to £0.25, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Learn more

Book Description

1 Jan 2003 0072224711 978-0072224719
Explains how to implement secure Web services and includes coverage of trust, confidentiality, cryptography, authentication, authorization, Kerberos, and more.

Customers Who Viewed This Item Also Viewed

Product details

More About the Author

Discover books, learn about writers, and more.

Product Description

From the Back Cover

Your definitive Web Services security resource

Minimize security risks in your system by successfully rolling out secure Web Services with help from this exceptional guide. Web Services Security covers everything network security professionals need to know, including details on Web Services architecture, SOAP, UDDI, WSDL, XML Signature, XML Encryption, SAML, XACML, XKMS, and more. You'll also get implementation techniques as well as case studies featuring global service-provision initiatives such as the Liberty Alliance Project. Practical, comprehensive, and up-to-date, this is a must-have reference for every administrator interested in conquering real-life security challenges through the effective use of Web Services.

  • Learn the high-level principles of security and how they apply to Web Services
  • Deploy Web Services technology following practical and clear examples
  • Use XKMS for validation and accountability
  • Ensure data integrity by using XML Signature and XML Encryption with SOAP
  • Use SAML and XACML for authentication and authorization
  • Learn the major components of the evolving ebXML standard
  • Gain valuable insight into the legal aspects of Web Services security--including digital signature laws, privacy issues, and application-to-application transactions

About the Author

Mark O'Neill has been IBM Web Services Security Standards Lead, Lead Architect for Java Security at IBM Enterprise Security Center, and Security Lead for the IBM Web Services Toolkit.

Inside This Book (Learn More)
First Sentence
It is a significant gesture when the entire computer industry agrees on a new technology. Read the first page
Explore More
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index
Search inside this book:

What Other Items Do Customers Buy After Viewing This Item?

Customer Reviews

There are no customer reviews yet on Amazon.co.uk.
5 star
4 star
3 star
2 star
1 star
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.2 out of 5 stars  9 reviews
17 of 19 people found the following review helpful
3.0 out of 5 stars Good concepts coverage - But no example proof 8 Mar 2003
By Prasad Reddy - Published on Amazon.com
With 2 book on our Web services library shelves, this book adds in as the best for getting introduction to Web services security specifications and popular implementations. If you are little lazy to read the specs from web sites, this book is an ideal choice to get an introduction to them. But again, this book is a bundle of content reproducing the specs of XML Security efforts at W3C, OASIS, WS-Security (IBM & Microsoft), Sun's Liberty, Microsoft Passport. Interestingly this book also contains some obsolete versions of Security specs (So be careful, before you assume things).
If your are an Architect seeking a practical implementation solution or a case study to practice in your architecture, this book DOES NOT add value at ALL. As I said, this book lacks practical implementation scenarios especially examples using real world security implementations like Passport, SunONE, EnTrust, Netegrity TransactionMinder etc. So think about it.
If you are newbie wants to get ideas about Web services security then this BOOK IS THE BEST at this time ! But always lookout for latest book so that you don't get buried with obsolete specifications.
12 of 13 people found the following review helpful
4.0 out of 5 stars Solid intro to Web Services and its security requirements 16 Feb 2003
By Richard Bejtlich - Published on Amazon.com
Before reading "Web Services Security" (WSS), my knowledge of Web Services relied on a few magazine articles and chapter 10 of "Hacking Exposed: Web Applications." After reading WSS, I have a better idea of how Web Services work and how a variety of acronyms (XACML, XKMS, SAML, etc.) provide security. This 312 page book isn't lengthy enough to make you a Web Services security expert, but it provides a good foundation for consultants and other professionals.

Good security books do more than teach ways to attack and defend various technologies. They assume the reader isn't an expert in the technology or concept, and provide background prior to explaining weapons and tactics to exploit vulnerabilities. WSS meets this challenge by educating readers on the purpose, history, and future of Web Services. The authors take nothing for granted, explaining why transport-level encryption via SSL is insufficient for Web Services. WSS emphasizes key security concepts like "persistence" and separating policy enforcement from decision-making. I also appreciated the authors' willingness to share key insights, like the argument that "like XKMS, XACML is more about applying XML to security, rather than about applying security to XML." (p. 120). This demonstrated knowledge of applying security to a wider range of subjects than just Web Services.

On the down side, I found the SAML section (ch. 6) confusing. The writing style implied another author contributed this material, and the chapter's "checklist" was a list of questions -- not the summaries found elsewhere. I didn't find the legal section (ch. 14) particularly clear, either, despite the hype it received on the back cover.

Overall, WSS is probably the best Web Services security guide currently available. It meets the market need for an introduction to the subject, and covers material neglected elsewhere, like the Liberty Alliance Project (ch. 11). Those with questions on Web Services security would do well to start looking for answers here!
9 of 9 people found the following review helpful
5.0 out of 5 stars The Best Book on Web Services Security 31 May 2003
By Doug Kaye - Published on Amazon.com
This is *the* book to date on the topic. I particularly like the blend of strategy and practice that Mark and the others have achieved. They've managed to get straight to the point: The best way to secure web services today is through XML Signature, XML Encryption, SAML, and WS-Security, and this book explains how those technologies work.
Unlike another reviewer, I found this book to be a far better way to learn than the specifications or the online white papers. True, it doesn't get into vendor-specific implementation details, but I expect the vendors to provide that info.
6 of 6 people found the following review helpful
5.0 out of 5 stars Covers all the bases 27 Jan 2003
By A Customer - Published on Amazon.com
This very readable book covers the Web services security area well, devoting chapters to all the usual suspects (XML Encryption, XKMS, WS-Security, SAML, et al). The C# and Java code examples are neat, and I was pleased to see the new .NET Web Services Enhancements used in the code.
The standout chapters are on XKMS (I guess that must have been Phill Hallam-Baker's contribution), the WS-Security roadmap, and a chapter on the legal implications of Web services. It's not often you find a legal chapter in a technology book - I guess that is a sign of the times. One of the case studies in the appendix focusses on implementing the Vordel product, though the rest of the book is vendor-neutral.
A lot of this stuff is a moving target, so I'd like to have seen a website of updates provided. But the book itself is an excellent introduction to this over-hyped and sometimes confusing area - highly recommended.
4 of 4 people found the following review helpful
4.0 out of 5 stars Points you in the right direction 15 Nov 2004
By M. Ashworth - Published on Amazon.com
Writing a book like this is always going to be a difficult task in an up and coming technology. This book handles it exceptionally well. Although being written in 2003 it manages to cover core web service security issues such as WS-Security, SAML and two options of identification softwre such as Liberty Alliance and the Microsoft .NET passport. For once it is refreshing to read a book that is concerned more with security for you and not trying to evangelise something down your neck. It introduces a good range of security issues that approach different aspects of web services security. This was a great start for me to start learning about web services security and the approaches to implementing it. So its a must read for any beginner in the subject.
Were these reviews helpful?   Let us know

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
First post:
Prompts for sign-in

Search Customer Discussions
Search all Amazon discussions

Look for similar items by category