UMBC Training Centers logo

SOA 1565 - Securing the Service Oriented Enterprise

 

Course Description | Course Outline | SOA Training | IT Training

Course Outline

1. SOA Security Overview

  • Objectives
  • Traditional systems
  • Loosely-coupled systems
  • Risks of loosely-coupled services
  • SOA Security Concerns
  • Security Stack: Web services
  • Security Stack: Other services
  • Discussion Question
  • Summary
 

2. Security Patterns

  • Objectives
  • Service bus security
  • Service bus security layers
  • Application-managed security
  • Security as a service
  • Reverse Proxy
  • ESB Gateway
  • Discussion Question
  • Summary
 

3. Security Layering

  • Objectives
  • SOA Layers
  • Security Layering
  • Policy-driven Security
  • PEP/PDP in Action
  • Separation of concerns
  • Loosely-coupled security layer
  • SES/SDS in Action
  • Layering and service granularity
  • Security Service Granularity
  • Process-centric Security
  • Discussion Question
  • Summary
 

4. Applying Traditional Security to SOA

  • Objectives
  • Public Key Infrastructure (PKI)
  • Digital Signature
  • Digital Signature Process
  • Certificates
  • Authentication
  • Basic HTTP Authentication
  • Secure Socket Layer (SSL)
  • Basic Authentication Over HTTPS
  • Securing non-HTTP Traffic
  • Summary
 

5. SOA Security Standards

  • Objectives
  • WS-Security
  • XML Encryption & Signature
  • SAML
  • WS-Trust
  • WS-Trust Interoperability
  • WS-Federation
  • WS-SecureConversation
  • Web Services Policy Framework
  • WS-SecurityPolicy
  • Security Standards Review
  • Summary
 

6. Simple Object Access Protocol (SOAP)

  • Objectives
  • SOAP Overview
  • SOAP in Protocol Stack
  • SOAP Components
  • SOAP HTTP Request Example
  • SOAP HTTP Response Example
  • Message Envelope
  • The Header Element
  • Header Attributes
  • SOAP Body
  • SOAP Fault
  • Communication Style
  • RPC/Encoded Style
  • RPC/Literal Style
  • Enabling RPC Styles
  • Document/Literal Style
  • Document/Literal Wrapped Style
  • Details of the Wrapped Style
  • Enabling Document Literal Style
  • Summary
 

7. SOA Security Standards

  • Objectives
  • SOA Security Model
  • SOA Security Policies
  • Transport Level Security Policy
  • Message Level Security Policy
  • Data Level Security Policy
  • Overview of Web Services Security
  • Securing XML Data
  • XML Digital Signatures
  • XML Encryption
  • WS-Security Tokens
  • WS-Security Considerations
  • Putting it all together
  • Phase 1: The Service-side
  • Phase 1: Build a secure service
  • Phase 2: The Client
  • Phase 2: Build a secure client
  • Phase 3: Production
  • Audit Tracking
  • Identity Assertion Using SAML
  • SAML SOAP Example
  • Summary
 

8. SOA Security Threats and Countermeasures

  • Objectives
  • The Price of Open Standards
  • Generic Vulnerabilities
  • XML-specific Attacks
  • Countermeasures
  • Summary
 

9. Governing SOA Security

  • Objectives
  • Security Governance
  • Collecting Security Requirements
  • Policies and Contract Management
  • Policy and Contract Management
  • SOA Security Lifecycle
  • Governance Model Overview
  • Models for Governing Security
  • Discussion Question
  • Summary