Securing Java Web Services

Chapter 1. Web-Service Security
- Security for Web Services
- Threats
- Technology and Techniques
- Solution Levels
- HTTP Solutions
- The World-Wide Web Consortium
- XML Solutions
- Encryption
- Hashing
- Signature
- OASIS
- Web-Services Solutions
- Technology Stacks: WS-Federation and Liberty Alliance
- WS-Security
- SAML
Chapter 2. HTTP Security
- HTTP Authentication Schemes
- HTTP BASIC
- HTTP DIGEST
- Securing Web-Service URLs
- HTTPS
- JAX-RPC Support
- Axis Support
Chapter 3. XML Signature
- XML Digital Signature
- Canonical XML
- Enveloped, Enveloping, and Detached Signatures
- SignedInfo and References
- The Java Cryptography Architecture
- Keystores
- keytool
- X.509 Certificates
- The KeyStore API
- Java XML Digital Signature API
- Steps to Sign and Verify XML Content
- JAX-RPC Message Handlers
- Foiling the Man in the Middle
Chapter 4. XML Encryption
- XML Encryption
- EncryptedData
- Element vs. Content Encryption
- Encrypted Keys
- The Java Cryptography Extensions
- Apache XML Security
- Steps to Encrypt and Decrypt XML Content
Chapter 5. WS-Security
- The WS-Security Specifications
- Relationship to W3C Specifications
- Security Tokens
- Timestamps
- Tools for WS-Security
- Integrating into JAX-RPC Services and Clients
Chapter 6. Securing Web Services
- Practical Use of WS-Security
- Foiling Replay Attacks
- Dynamic Security Policies
Chapter 7. The Security Assertions Markup Language
- History of SAML
- Goals and Non-Goals
- Authorities
- Assertions
- Protocol
Chapter 8. SAML Assertions
- The Assertions Schema
- Extensibility
- Assertions and Subjects
- NameIdentifiers and SubjectConfirmations
- AuthenticationStatements
- AttributeStatements
- AuthorizationDecisionStatements
- Actions and Evidence
- SAML Tokens
- OpenSAML
- Signing SAML Assertions
Chapter 9. SAML Protocol
- SAML Messaging
- The SAML Protocol Schema
- Request Types
- Response Types
- Status and StatusCode
- AuthenticationQuery
- AttributeQuery
- AuthorizationDecisionQuery
- SAML as the Substance