Enterprise Web Services Security
暫譯: 企業網路服務安全

Description

• Teaches developers, application architects, and security professionals how to build security policies and strategies in a Web Services environment
  
• Covers the underlying protocols and technologies that form the Internet (TCP/IP, HTTP) and Web Services (XML, SOAP, WSDL, UDDI), and the major XML and Web Services standards that are the basis of implementing security in a Web Services environment
  
• Explains how to implement security policies and mechanisms in both J2EE and .NET
  
• Includes a companion CD-ROM with and all of the source code, references, and figures from the book

The use of Web Services for Business-to-Business (B2B) and Business-to-Consumer (B2C) transactions has created risks that expose critical assets to increasingly greater threats. Enterprise Web Services Security provides the information developers, application architects, and security professionals need to build security policies and strategies from the ground up in a Web Services environment. Most security books focus on computer or network security in isolation, relegating the other areas to overview chapters or appendices. A single-system view of security, however, is not adequate to describe a distributed Web Services-based environment as it causes the developer to have to piece together material from several resources in order to create secure Web sites and services. This book takes a holistic approach that mirrors the perspective developers need to take regardless of whether they are planning and implementing the security mechanisms for a Web Service, a Web site, or an enterprise. It details how to secure critical components such as workstations, servers, and networks, the goals behind an enterprise’s security policies, the policies an organization should have in place, and how to communicate those policies using WS-Policy Framework and WS-Security Policy. Various threats and attacks are also covered, as well as the identity management, authentication, authorization, access control, confidentiality, and integrity mechanisms needed to protect messages and transactions. Enterprise Web Services Security is the one book developers need to make all their security mechanisms work successfully to thwart attacks and protect assets.