
Security for Web Services and Service-oriented Architectures

by ; ; ;
  • ISBN13: 9783540877417
  • ISBN10: 354087741X
  • Format: Hardcover
  • Copyright: 2009-12-04
  • Publisher: Springer-Verlag New York Inc


Summary

Web services based on the eXtensible Markup Language (XML), the Simple Object Access Protocol (SOAP), and related standards, and deployed in Service-Oriented Architectures (SOA), are the key to Web-based interoperability for applications within and across organizations. It is crucial that the security of services and their interactions with users is ensured if Web services technology is to live up to its promise. However, the very features that make it attractive (such as greater and ubiquitous access to data and other resources, dynamic application configuration and reconfiguration through workflows, and relative autonomy) conflict with conventional security models and mechanisms.

Elisa Bertino and her coauthors provide a comprehensive guide to security for Web services and SOA. They cover in detail all recent standards that address Web service security, including XML Encryption, XML Signature, WS-Security, and WS-SecureConversation, as well as recent research on access control for simple and conversation-based Web services, advanced digital identity management techniques, and access control for Web-based workflows. They explain how these implement means for identification, authentication, and authorization with respect to security aspects such as integrity, confidentiality, and availability.

This book will serve practitioners as a comprehensive critical reference on Web service standards, with illustrative examples and analyses of critical issues; researchers will use it as a state-of-the-art overview of ongoing research and innovative new directions; and graduate students will use it as a textbook on advanced topics in computer and system security.

Author Biography

Elisa Bertino is professor of Computer Science and Electrical and Computer Engineering, and research director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. She has carried out extensive research on various security topics, such as foundations of access control systems, security for location-based applications, security for web services, digital identity management, data privacy, and security and privacy for healthcare applications and for GIS; and has given numerous presentations and tutorials on these topics at scientific conferences. She recently received the IEEE Computer Society 2005 Kanai award for her research in security for distributed systems. She has also served as a member of the Microsoft Trustworthy Computing Academic Advisory Board.

Lorenzo D. Martino is visiting assistant professor at the Computer and Information Technology (C&IT) department of Purdue University and at the Cyber Center of Purdue University. He has carried out research on trust negotiation techniques and security for web services.

Federica Maria Francesca Paci is a PhD student at the University of Milan, Italy. Her main research interests include the development of access control models for constraint workflow systems, Web services access control models, and secure distribution of XML documents. She has published several refereed journal and conference papers in these areas.

Anna Squicciarini is a postdoctoral research associate in the Computer Science Department of Purdue University. She conducts research on security for distributed systems, with particular focus on trust management, identity management, and access control for grids and Web Services. She has published several refereed journal and conference papers in these areas. She has been the main architect of the Trust-X system, an innovative system supporting trust negotiation in distributed open systems.

Table of Contents

Introduction p. 1
Security for Web Services and Security Goals p. 1
Privacy p. 3
Goals and Scope of the Book and its Intended Audience p. 4
An Overview of the Book's Content p. 5
Web Service Technologies, Principles, Architectures, and Standards p. 9
SOA and Web Services Principles p. 10
Web Services Architecture p. 13
Web Services Technologies and Standards p. 13
SOAP p. 15
Web Services Description Language (WSDL) p. 16
Service Discovery: Universal Description, Discovery and Integration (UDDI) p. 18
Considerations p. 21
Web Services Infrastructure p. 22
Web Services Threats, Vulnerabilities, and Countermeasures p. 25
Threats and Vulnerabilities Concept Definition p. 26
Threat Modeling p. 28
Vulnerability Categorizations and Catalogs p. 36
Threat and Vulnerabilities Metrics p. 40
Standards for Web Services Security p. 45
The Concept of Standard p. 47
Web Services Security Standards Framework p. 48
An Overview of Current Standards p. 49
"Near the wire" security standards p. 49
XML Data Security p. 51
Security Assertions Markup Language (SAML) p. 53
SOAP Message Security p. 56
Key and Trust Management standards p. 60
Standards for Policy Specification p. 64
Access Control Policy Standards p. 67
Implementations of Web Services Security Standards p. 73
Standards-related Issues p. 74
Digital Identity Management and Trust Negotiation p. 79
Overview of Digital Identity Management p. 80
Overview of Existing Proposals p. 82
Liberty Alliance p. 83
WS-Federation p. 86
Comparison of Liberty Alliance and WS-Framework p. 89
Other Digital Identity Management Initiatives p. 90
Discussion on Security of Identity Management Systems p. 93
Business Processes p. 95
Deploying Multifactor Authentication for Business Processes p. 96
Architecture p. 97
Digital Identity Management in Grid Systems p. 97
The Trust Negotiation Paradigm and its Deployment using SOA p. 100
Trust Negotiation and Digital Identity Management p. 101
Automated Trust Negotiation and Digital Identity Management Systems: Differences and Similarities p. 102
Integrating Identity Management and Trust Negotiations p. 105
Architecture of a SP in FAMTN p. 107
An Example of a Use Case: FSP in Liberty Web Services Framework p. 108
Negotiations in an FAMTN Federation p. 109
Ticketing system in an FAMTN Federation p. 109
Implementing Trust Tickets Through Cookies p. 110
Negotiation in Identity Federated Systems p. 112
Bibliographic Notes p. 113
Access Control for Web Services p. 115
Approaches to Enforce Access Control for Web Services p. 116
WS-AC1: An Adaptive Access Control Model for Stateless Web Services p. 118
The WS-AC1 Model p. 120
WS-AC1 Identity Attribute Negotiation p. 125
WS-AC1 Parameter Negotiation p. 128
An Access Control Framework for Conversation-Based Web services p. 132
Conversation-Based Access Control p. 133
Access Control and Credentials p. 134
k-Trust Levels and Policies p. 135
Access Control Enforcement p. ;
K-Trustworthiness Levels Computation p. 138
Architecture of the Enforcement System p. 145
Secure Publishing Techniques p. 147
The Merkle Signatures p. 148
Merkle Signatures for Trees p. 148
Merkle Signatures for XML Documents p. 149
Merkle Hash Verification for Documents with Partially Hidden Contents p. 150
Application of the Merkle Signature to UDDI Registries p. 152
Merkle Signature Representation p. 152
Merkle Hash Path Representation p. 153
A Comparison of Merkle Signatures with XML Signatures p. 154
Bibliographic Notes p. 157
Access Control for Business Processes p. 159
Access Control for Workflows and Business Processes p. 161
Web Services Business Process Execution Language (WS-BPEL) p. 164
RBAC-WS-BPEL: An Authorization Model for WS-BPEL Business Processes p. 166
RBAC XACML: Authorization Schema p. 170
Business Process Constraint Language p. 170
RBAC-WS-BPEL Authorization Specification p. 171
RBAC-WS-BPEL Enforcement p. 172
RBAC-WS-BPEL System Architecture p. 174
Handling activity Execution and RBAC-WS-BPEL Enforcement p. 176
Emerging Research Trends p. 179
Security as a Service p. 179
Motivations p. 180
Reference Framework for Security Services p. 181
Authentication Service p. 182
Privacy for Web Services p. 186
P3P and the Privacy-Aware RBAC Model p. 187
Privacy-Preserving Data Management Techniques p. 192
W3C Privacy Requirements for Web Services and Research Issues p. 193
Semantic Web Security p. 194
Concluding Remarks p. 195
Access Control p. 197
Basic Notions p. 197
The Protection Matrix Model p. 198
Access Control Lists and Capability Lists p. 199
Negative Authorizations p. 199
Role-Based Access Control p. 200
Concluding Remarks p. 204
References p. 205
Index p. 223
Table of Contents provided by Ingram. All Rights Reserved.

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.
