Web Services Security
| 2003-01-31 00:00:00 | | 0 | Computer Security
Explains how to implement secure Web services and includes coverage of trust, confidentiality, cryptography, authentication, authorization, and Kerberos. You'll also find details on Security Assertion Markup Language (SAML), XML Key Management Specification (XKMS), XML Encryption, Hypertext Transfer Protocol-Reliability (HTTP-R) and more.
User review
Points you in the right direction
Writing a book like this is always going to be a difficult task in an up and coming technology. This book handles it exceptionally well. Although being written in 2003 it manages to cover core web service security issues such as WS-Security, SAML and two options of identification softwre such as Liberty Alliance and the Microsoft .NET passport. For once it is refreshing to read a book that is concerned more with security for you and not trying to evangelise something down your neck. It introduces a good range of security issues that approach different aspects of web services security. This was a great start for me to start learning about web services security and the approaches to implementing it. So its a must read for any beginner in the subject.
User review
Especially for the novice website designer
A team effort, Web Services Security describes XML and Web Services security technologies, including SAML and the WS-Security roadmap, and provides practical examples in Java and C#. Web Services Security deftly and accessibly explains the technologies in plain English, using clear analogies to help the reader grasp the concepts needed to understand Web Services security, and illustrate implementation techniques as well as case studies featuring global service-provision initiatives such as the Liberty Alliance Project. Highly recommended, especially for the novice website designer. 336 pages
User review
The Best Book on Web Services Security
This is *the* book to date on the topic. I particularly like the blend of strategy and practice that Mark and the others have achieved. They've managed to get straight to the point: The best way to secure web services today is through XML Signature, XML Encryption, SAML, and WS-Security, and this book explains how those technologies work.
Unlike another reviewer, I found this book to be a far better way to learn than the specifications or the online white papers. True, it doesn't get into vendor-specific implementation details, but I expect the vendors to provide that info.
User review
Good concepts coverage - But no example proof
With 2 book on our Web services library shelves, this book adds in as the best for getting introduction to Web services security specifications and popular implementations. If you are little lazy to read the specs from web sites, this book is an ideal choice to get an introduction to them. But again, this book is a bundle of content reproducing the specs of XML Security efforts at W3C, OASIS, WS-Security (IBM & Microsoft), Sun's Liberty, Microsoft Passport. Interestingly this book also contains some obsolete versions of Security specs (So be careful, before you assume things).
If your are an Architect seeking a practical implementation solution or a case study to practice in your architecture, this book DOES NOT add value at ALL. As I said, this book lacks practical implementation scenarios especially examples using real world security implementations like Passport, SunONE, EnTrust, Netegrity TransactionMinder etc. So think about it.
If you are newbie wants to get ideas about Web services security then this BOOK IS THE BEST at this time ! But always lookout for latest book so that you don't get buried with obsolete specifications.
User review
Very complete
This is a very complete reference in that it covers all the current standards that directly and indirectly impact web services security. I really appreciated the examples of how I would go about implementing various features. In that respect, it is a valuable reference for both architects desiring to design a secure web services solution as well as to developers who must implement the solution.