Duration: 4 days
This advanced course introduces Java developers to key concepts and technology for developing secure web services and securing enterprise software architecture. Though consensus is forming, and standards have largely taken shape, this is still a broad and challenging field. We focus on a few well-defined approaches: XML cryptography, the WS-Security and WS-SecurityPolicy standards, and the Security Assertion Markup Language, or SAML. We also look at XACML for authorization policies, and at trust and federation -- not only as envisioned by SAML but also through the WS-Trust and WS-Federation specifications.
• Understand the unique challenges in securing interoperable XML-based services.
• Apply W3C standards to digitally sign and encrypt XML fragments and documents.
• Understand the importance of the WS-Security specifications to interoperably secure messaging.
• Use state-of-the-art tools to configure or implement signature, encryption, and various WS-Security header content for Java web services.
• Drive such WSS implementations from WS-SecurityPolicy documents.
• "Vouch for" a user across domains to achieve request authorization without sharing credentials.
• Exchange security information between servers, applications, and components, using SAML assertion and protocol models.
• Understand the role of XACML in policy management and decision-making.
• Understand the WS-Trust and WS-Federation architectures for developing the trust relationships that enable service federations and service-oriented architectures.
• Build web applications that participate in SAML federation and single sign-on.
Method of Delivery
• Onsite/live class instruction or online web conference
• Open discussion
• Case studies