Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption

Book Description

You know how to build Web service applications using XML, SOAP, and WSDL, but can you ensure that those applications are secure? Standards development groups such as OASIS and W3C have released several specifications designed to provide security - but how do you combine them in working applications?

"Securing Web Services with WS-Security" will help you take your Web services securely to production, with insight into the latest security standards including

- WS-Security, a model that defines how to put security specifications into practice
- XML Encryption to ensure confidentiality
- XML Signature to ensure data integrity
- Security Assertion Markup Language (SAML) to authenticate and authorize users
- WS-Policy to set policies across trust domains

Jothy Rosenberg and David Remy, both business, technology, and security visionaries, demystify these standards with practical examples including a fully developed case study application showing these tools at work. A pragmatic approach is taken showing which Web Services Security standards are needed when faced with a variety of security challenges. The authors understand that security remains one of the largest remaining impediments to deploying major Web services in business-critical situations. The goal of this book is to begin to remove those impediments by providing a detailed understanding of all the available security technologies and how and when to employ them.

Download Description

The most up to date, comprehensive, and practical guide to Web services security, and the first to cover the final release of new standards SAML 1.1 and WS-Security. Comprehensive coverage and practical examples of the industry standards XML Signature and XML Encryption, and the first book to cover the final WS-Security and SAML 1.1 specifications Authors Jothy Rosenberg and David Remy are security experts who co-founded GeoTrust, the #2 Web site certificate authority and currently work for Service Integrity and BEA Systems, respectively. According to IBM, American Express, Sun Microsystems, and other industry leaders, well-defined security standards and procedures are a crucial element to the adoption of web services in industry.

Customer Reviews:

Worthless For Programmers.......2006-04-27

Agree completely with all of the other reviewers in respect to practical working examples and detailed information. This is nothing more than a high-level overview of documentation and specifications you can easily find yourself on the internet. Look elsewhere (and yeah, I'm still looking myself) for solid information about how to design and deploy WS-* applications.

Weak examples........2006-04-08

This book delivers good introduction to WS-* specs beyond that I don't find much help. From a developer perspective, the book does'nt help with good examples, it is missing with coding guidance and also lacks detail about the PKI in Web services. Possibly this book is too early to market before the specs are endorsed by OASIS. It's time for a revision..otherwise I could've added two more stars.

Good Overview of Web Services Security.......2006-04-07

This book is a good introduction to the application of security to Web Services and SOA. The authors focus on "message level" security versus "transport level" security, and its application to Web Services. The book explains standards: WS-Security, WS-Policy, WS-SecurePolicy and other current standards at the time of publishing (2004).

However these standards are constantly evolving and this book needs to be updated on a regular basis.

Gary E. Smith
SOA Network Architect
SOA Networks

good intro book - need a revision.......2006-01-17

i am an architect working on large-scale web services on j2ee and .net ddevlopment and deplyment. I bought this book for getting myself introduced to ws-security and saml. if you would like to know the security specifications for web services at a high-level you may find this book useful. If you are looking at the practical aspects of how to implement them in a j2ee or .net web services you wil find limited help. The coverage on ws-* specs are little bit old as new revisions are already out.

Good intro but needs an update.......2005-12-22

This book would help you if you need an introduction to Web services security standards. If you need to know the strategies for how to implement then this book may not help much. Some of the specifications discussed in the book is not complete and there is lot of confusion in the standards committee moving forward. I bought this book before I bought the Core Security Patterns which details both the standards and patterns-based implementation strategies for Web services security. This book also needs a revision in terms of updating to SAML 2.0, WS-Security 1.1, WS-I Basic Security profile.

Average customer rating:

Excellent coverage
Out of date and filled with fluff
Disappointing
Where's the e-commerce, where's the professionality?
Ecellent overview of a wide range of topics

Professional Java E-Commerce
Subrahmanyam Allamaraju , Ronald Ashri , Chad Darby , Robert Flenner , Alex Linde , Tracie Karsjens , Mark Kerzner , Alex Krotov , Jim MacIntosh , James McGovern , Thor Mirchandani , Bryan Plaster , Don Reamey , and P.G. Sarang
Manufacturer: Peer Information
ProductGroup: Book
Binding: Mass Market Paperback

General | Business & Investing | Subjects | Books

E-commerce | Web Development | Computers & Internet | Subjects | Books

General | Programming | Computers & Internet | Subjects | Books

Privacy | Business & Culture | Computers & Internet | Subjects | Books

E-Commerce | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Look Inside Business Books | Trip | Specialty Stores | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
Similar Items:

Java Developer's Guide to E-Commerce with XML and JSP

ASIN: 1861004818

Amazon.com

Ideal for IT managers and developers working on e-commerce projects, Professional Java E-Commerce shows off how to design and program working e-stores and other enterprise Web applications powered by Java. This book is a guide to the nuts and bolts of Java used for e-commerce sites, and it also surveys the management and design issues that any organization will face when doing business online.

The first sections give an IT manager's perspective on integrating e-commerce initiatives into your organization, whether they're B2B, B2C, or m-commerce initiatives. The coverage achieves considerable depth. As well as terms you've already heard about, the team authors also look at B2B2C and C2B2C scenarios. They cover project planning for successful e-commerce software development and today's n-tiered architectures for scalability, and provide a quite thorough discussion of the security issues surrounding e-commerce.

The book then delves into actual sample source code for a variety of e-commerce applications, beginning with a traditional online store (for selling computers) with a product catalog and a shopping basket. Written with simple JSP, this site gets enhanced later using state-of-the-art Enterprise JavaBeans (EJB) for better scalability and performance. Hands-on advice for using tools like BEA WebLogic Application Server (something of an industry standard) will help you apply your knowledge to real projects. Further examples look at real-world instances of corporate e-commerce in action, including working code for a portal Web site, a supply chain application (using XML), and a workflow Web application. The book closes with newer technologies like m-commerce (in which business is conducted through wireless devices) and smart cards.

The working source code and real-world perspective help distinguish this text in its presentation of some emerging Java enterprise-level technologies. For many working Java developers or managers, Professional Java E-Commerce can help shift the odds in your favor for that next big e-commerce project with its mix of canny advice and very practical sample source code that shows the right ways to use Java to write several high-end enterprise e-commerce solutions. --Richard Dragan

Topics covered:

E-commerce business strategy and planning
Types and business impact of e-commerce (including B2C, B2B, B2B2C, C2C, C2B2C, and m-commerce)
Business requirements for e-commerce applications (including technological and business considerations)
E-commerce project planning (software project management and process)
Guide to architecting e-commerce applications (technical requirements and architecture)
Overview of the Java 2 Enterprise Edition (J2EE) and its support for e-commerce
Design approaches and components for e-commerce
Introduction to XML and XSLT
Security issues for online business (including Java security, authentication, and authorization)
Sample B2C online computer store
Usability issues (searching, feedback, and membership and internationalization)
Data validation techniques for user input (client-side and server-side options)
Adding Enterprise JavaBeans to the e-commerce site
Using BEA WebLogic
Case study for a custom portal
Case study for a B2B solution using XML/XSLT to share data between systems in the supply chain
Mass integration with the Java Message Service (JMS)
Introduction to application service providers (ASPs)
Case studies for a workflow application and a corporate purchasing Web site
Introduction to m-commerce
WAP and WML
Smart cards
XML and XSLT primer

Book Description

The term e-commerce encompasses a spectrum of trading interactions from the business-to-consumer (B2C) transactions that facilitate Web-based retail trade, to business-to-business (B2B) data exchange that increases supply chain efficiency. This book shows how the Java platform and Java technologies can be, and have been, employed to develop solutions that address these scenarios.

To allow readers to gain a full appreciation of the diversity of topics involved in building e-commerce solutions, the book consists of five main sections. We begin by looking at the general area of e-business and the commercial considerations surrounding such application development. We then look at the Java 2 Platform Enterprise Edition (J2EE), XML, and XSLT. Building on this, we discuss the development of B2C sites for online selling and the design of effective portal sites. Our fourth section is devoted to the expanding area of B2B commerce where XML and XSLT are proving invaluable. Finally, we highlight new developments in the area of m-commerce and see how Java technologies can be used to facilitate trading anywhere. A particular feature of the book is the inclusion of case studies that provide hard won information on the challenges of building effective B2C and B2B applications in the real world.

Customer Reviews:

Excellent coverage.......2002-12-09

This is the only book that covers such a wide range of issues relating to the application of Java to e-commerce. Although there are subjects that experienced users would certainly prefered to see treated in more depth this is an invaluable resource to those that need to get the big picture to a level that is practical and useful for understanding application and designing solutions. Well done.

Out of date and filled with fluff.......2002-10-27

Of all the technical books I've read this one qualifies as the worst. It's out of date, but even when it was new it would justify my opinion.

It attempts to cover too wide an area of subjects, and manages to either state the obvious (as in the first chapters that make a sophmoric attempt to define e-commenrce), to display questionable knowledge on the part of contributing authors, as in the section that lamely attempts to discuss architecture. The section on architecture should have been written by someone who could write and who understood architecture. Unfortunately I got the impression that the authors had neither qualifications.

The case studies were interesting, but were not sufficiently insightful to warrant buying this book that those alone.

There are positives to this book though. It weighs nearly 6 pounds, making it suitable as a doorstop. Having photos of all of the authors who contributed on the front cover is helpful if you conduct interviews since it helps in the screen process in case one of them shows up for an interview or tries to come in as a consultant.

My advice is to avoid this book. There are much better ones that cover the subjects in it.

Disappointing.......2002-10-25

There are a few good sections in this book (mainly the chapters that deal with WebLogic and the appendices of primers and reference material that comprise Section 6). However, considering that this book weighs in at over 1000 pages, its mainly fluff or glib (but not helpful), with too much material that states the obvious.

Much of the fluff is found in Section 1 (The E-Commerce Landscape), and Section 2 (Architecting Java-Based E-Commerce Systems) was, in my opinion, a glossed over, high-level overview that was used as filler.

Sections 3 (B2C E-Commerce Solutions) and 4 (B2B E-Commerce Solutions) have a few interesting chapters in each. My main complaint here is that Section 3 is a mix of solutions and techniques, while Section 4 is purely solution-focused. Section 5 (M-Commerce) is too light to be useful, and most of the material is already woefully out of date.

My recommendation is to pass this book up and, instead, seek out single-topic books that address the subjects in which you're interested.

Where's the e-commerce, where's the professionality?.......2002-04-07

I can't believe the rating some people give this book. This book touches a lot of areas with little depth. The book contains a lot of filling with no practical usable things.

The information on practical Java E-commerce is very limited, and if you need usable information on JSP, Application Servers, ... I suggest you buy books about the specific areas you need information on. Even if this book was intended to be a high level overview on E-commerce it would miss its mark.

Ecellent overview of a wide range of topics.......2001-07-27

The Audience for this Book

Java E-Commerce is aimed at people who already know Java and need to evaluate the technologies available. I first I wondered what the target audience would be, if you are a programmer you might not get to choose the technologies and if you are a manager you might not have the time or inclination to learn about these technologies in such depth. I now appreciate that they are appropriate for just about anyone except a beginner, most programmers need to know what technologies are available and managers need to know what the programmers are talking about.

How the book is organised

The book is divided into five sections starting with The E-commerce Landscape. This didn't tell me much I didn't already know, evolution of internet... exciting, define e-commerce....arpanet, web browsers etc etc. All scene setting stuff, but you can't have a fairy story without "once upon a time". Things get a little more interesting with Section 2, "Architecting Java Based e-commerce systems".

Some parts of the web world assume that "everyone uses Microsoft Internet Explorer". The authors of this book recognize that in the future your audience might well be WebTV, a mobile phone or PDA. Although there is plenty of coverage of specific Java technologies such as EJB and Servlets the book recognises that most developments will have to fit in with legacy systems and that the heart of the task is to give the potential purchaser a usable and easy browsing experiences.

Much of the material covers topics I already knew about superficially. Some crucial aspects covered are EJB, XML and JMS. I was fairly stunned to note a mention of the Log4J technology from the Apache group. If you haven't come across Log4J, go to the Apache org web site and download it. I challenge anyone not to find a use for it in any non trivial application. Even allowing for the time it takes to put a book together this illustrates that the authors are right at the front of developing technologies, absorb what these people say, they know what they are talking about.

Plenty of XML Coverage

The topic of XML runs though large parts of the book. Chapter 16 gives an interesting overview of the emerging standards in XML dtd's. There are a raft of competing standards and the dust is yet to clear on which ones will be generally adopted. Chapter 13 has an in-depth discussion of an Intelligent Assistant, ie a natural language parser system to allow customers to interact with a virtual shop assistant. I thought this was interesting in an academic way but I suspect that the number of people who will actually adopt this technology would be very small indeed. The

Bits I enjoyed most

The part I enjoyed most was a part I thought I might not even get around to reading which was Chapter 23, "In the MarketPlace, Corporate Purchasing". This is written in a laconic style by people who obviously have plenty of real world experience. Mixed in with headings like " Characteristics of Corporate Purchasing Systems are titles like "The headaches of having more than one partner." At the end of this chapter are 4 case studies that made me smile for all the right reasons. I did my post graduate education in Software after I had a decade of experience in the industry. It used to annoy me that the lecturers insisted on describing an ideal world that I knew did not exist. I get annoyed by technical books that insist that by following their golden recipes everything will go perfectly. The 4 case studies illustrate that things rarely go to plan, frequently do not go as expected and sometimes have to use horrible solutions but can still solve the problems. If you are browsing your local book shop, pick up this book and jump to the end of chapter 23.

I try to read everything I can about emerging net and Java technologies but I learnt a whole slew of new things reading Java E-Commerce. Notably the nature of B2B technologies. I had rather foolishly assumed it was just more web applications where the person using the browser at one end was in a business and connecting to a server at another business. It actually refers to using web technologies to replace the automated EDI technologies that large corporations have been using for years. I found the topic of XSLT transformations fascinating in that it explains how to get around the incompatibilities between different forms of XML used by different companies. If two companies use different DTDs to structure their XML XSLT can be used to convert between the formats. Until I read that section I had thought of XSLT as a way of transforming XML into nicely formatted HTML.

I found the chapter on M-commerce (transactions via mobile devices) to be interesting as a primer on what can be done via mobile devices, but I suspect you could fit everyone who has ever placed an order via a mobile phone, in my living room and still have space for unexpected visitors.
The book gives a high level coverage of a wide range of related Java technologies by people who appear to have actually worked with them on real world projects. The authors seem to have actually used the technologies in the real world rather than just read the documents and played with a few toy applications. It gives you enough to evaluate how and where you would use each of the technologies and examples of how people have used it in real projects.

Should you buy it?

If you want to be aware of what technologies are available and find out how they can be applied then this is an excellent buy. If you want to start to learn and implement any of the topics mentioned from scratch, you would be better off buying a book that caters specifically for that topic.
...

Byte Wars: The Impact of September 11 on Information Technology
Average customer rating:

YET ANOTHER BOMB

Byte Wars -- Another Yourdon Beatup.

Wait for a better book

Much more than the impact of Sept. 11 on IT

Forget Y2K! 9-11 was real, we need to to think about it!

Byte Wars: The Impact of September 11 on Information Technology
Edward Yourdon , and Ed Yourdon
Manufacturer: Prentice Hall PTR
ProductGroup: Book
Binding: Paperback

Culture | Business & Culture | Computers & Internet | Subjects | Books
Network Security | Networking | Computers & Internet | Subjects | Books
Information Systems | Software Engineering | Computer Science | Computers & Internet | Subjects | Books
General | Computers & Internet | Subjects | Books
Mathematics | Professional Science | Professional & Technical | Subjects | Books | Applied | Chaos & Systems | Geometry & Topology | Mathematical Analysis | Mathematical Physics | Number Systems | Pure Mathematics | Transformations | Trigonometry
All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books
Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books
Professional | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

Software Engineering (Practitioners)

CISSP All-in-One Exam Guide, Third Edition (All-in-One)

Systems Engineering Principles and Practice

Publication Manual of the American Psychological Association, Fifth Edition

Hacking Exposed

ASIN: 0130477257

Amazon.com

Less sensationalistic than its title suggests, Byte Wars: The Impact of September 11 on Information Technology compiles software developer Edward Yourdon's timely concerns about 21st-century IT security. Specifically addressing government officials, corporate executives, IT managers, programmers, and citizens, he identifies risks to safety, privacy, and other fundamental values and provides concrete steps they (that is, we) can take to disarm threats.

Yourdon is well known for having beaten the Y2K drum vigorously, and it would be easy to mistake him for a hysteria-monger. His clarity, confidence, and good humor will quickly allay any doubts in the reader's mind; though some of his ideas have only the most tenuous link to the events of 9/11, they are all well considered and valuable as we move further into an era we don't yet understand.

Examining emergent systems, resiliency, death-march projects, and more with an eye toward securing our lives and liberty, Byte Wars gives us an optimistic look at our murky future. --Rob Lightner

Customer Reviews:

YET ANOTHER BOMB.......2003-11-15

A few years back, Ed was so hard up for cash that he wrote a book called "Time Bomb 2000!" in which he predicted the end of civilization. This silly prophecy only served to expose Yourdon for the fly-by-night, fast-talking, hourly-rate, con artist that he is. In other words, Ed completely undermined his reputation with every CIO in the industry.

My guess is that, on 1/1/2000, Ed was hunkering down in his survival retreat, drinking his bottled water, and wondering where in god's name his credibility went.

Given that his career as an oracle was cut short, Ed decided that he'd stop predicting the future and start cashing out on the 9/11 mania. Just like any talk show host or stand up comedian, Ed found ample material to make a few bucks off of the hysteria. He demonstrated the kind of initiative that would make Jeraldo Rivera proud.

The goal of this book is to keep Ed's name in circulation, so that he can charge a few more dollars for his worthless consulting services. Perhaps he'll use the royalties to refinish his deck or replace the transmission in his aging sports car. Ed's not going to tell you anything you don't already know, he's just going to make you think he will (which is the trick he uses to get you to buy it).

This leads me to think that I need to write Ed a letter...

Dear Ed,

Hello there little trooper. Isn't time for someone to pack it up and call it a career? Wouldn't the whole industry benefit if you took your fat, wrinkled, mug out of the public eye.

You pretty much admitted, in DeathMarch, that structured analysis was a crock. Face it, old man, you're over the hill. You've got no good ideas left. You're so desperate for ideas that you're reprinting Deathmarch. What are you going to do next time, reprint Time Bomb 2000!

I think you've fooled enough people out of their money. You've had your fun, Ed, now retire to Boca Raton and give us all a well deserved rest.

Please, Ed, pretty please.

Your Pal,
LLNL Engineer

Byte Wars -- Another Yourdon Beatup........2002-09-22

I paid ... for this worthless beatup. There is little new
thought in it, and almost no depth. The main thread running
through it is that September 11th changed all of the rules and
a secondary thread is that Ed had finally twigged to the fact
that many other races and nationalities don't like the style
business practices and methods of the US of A.

Well Ed, September 11th didn't alter ANY rules of computer
security, it just moved security to a brighter location
in the CEO's firmanent and most third worlders have loathed
the USA for as long as I've been on the planet. They've just
got a lot more effective in expressing that feeling lately.

I can honestly say I expected a book with some technical
appreciation of the problem and some working methods for
bypassing and sidelining mid-level managers whose major
worry is the number of fly-buys they've racked up for
the month.

If you're looking for answers or technical tips on Infowar
don't spend your money on this ... book, its a yaaaawwwwnnn!

Regards,

Sherro.

Wait for a better book.......2002-04-25

Ed Yourdon's most well-known recent work is probably TimeBomb 2000, a book that inspired so much unwarranted fear that one terrified couple on his Internet forum attempted to give away their newborn grandchild to complete strangers in hopes that it would survive the terrible Y2K rollover. Indeed, Yourdon himself was quoted as saying that the likelihood that the various Y2K "trigger dates" would pass without incident was equal to that of pigs learning to fly.

Thankfully, Byte Wars avoids such ridiculous predictions and hysteria, but instead offers the reader no new insights into information technology and little to nothing relating to 9/11. Yourdon is a true Master of the Obvious in this book, which apparently capitalizes on the 9/11 tragedy without actually addressing it. If you're looking for real insight into the effects of 9/11 on the IT industry, I would wait a few more months for a more relevant work. This one just doesn't cut it.

Much more than the impact of Sept. 11 on IT.......2002-04-16

The subtitle of this book is a trifle misleading: Byte Wars is about a great deal more than the impact of September 11 on information technology. It is indeed as it proclaims, but covers a far wider scope. In Byte Wars, Ed Yourdon examines the myriad strategic shifts, trends, and paradigm changes not necessarily caused by Sept 11th, but trends that were already underway and have been changed or accelerated by the war on terrorism.

The author speaks directly to the reader in his typically confident tone, but the voice this time is more sober. There is not much of the typical humor we expect from Ed Yourdon, he is clearly shaken and sobered, like most of us, by the horrific events of Sept. 11th. Indeed, the first sentence, "This is not a book I expected to write" is a harbinger of much of the book's the sobering matter.

The structure of the book is straightforward: It begins with an overview of the broad changes which will profoundly affect industrialized and developing countries. This introduction is followed by more specific, detailed chapters about major aspects of IT and thoughtful predictions of sweeping changes to come in the areas of security, risk management, emergent systems, resilient systems, good enough systems, and death-march projects. A note about the "Death-March" chapter--it may suffice as an introduction to this topic for the general reader, and provides a timely update on the topic for readers of Mr. Yourdon's earlier book by the same title.

This is an important book-particularly for IT professional and those directly affected by the IT industry. I highly recommended Byte Wars for this audience as well as general business readers and thoughtful readers of the general public.

Forget Y2K! 9-11 was real, we need to to think about it!.......2002-04-12

I read Yourdon's Y2K book a couple years ago, so I decided to read this one too. I don't see why people are making such a stink about all of this. He didn't predict the end of the world with Y2K - he just said there COULD be problems, and that people ought to check it out and make their own decisions.

Anyway, y2K was theoretical when everyone was writing those books, nobody knew for sure what might happen or might not happen. September 11 was real, the only question is whether something like it might happen again. The terrorists say that it will, and the government bigwigs say that its pretty likely. So the question is what should we do about it.

I thought maybe Yourdan was going to talk about anthrax and smallpox and nuclear bombs in his book but he doesn't. He only talks about the computer risks. I don't see why anyone wold attack my computer at home, so I was skeptical at first. But he made me think a lot about the idea of grass-roots networks and what he calls emergent systems, because things are happening too fast and too unpredictable for the government to tell us what to do. Like it took the government six months to come up with this color coded alert system, and all they can do is tell us we are at yellow alert right now but they don't tell us what we should do about it. We have to figure it out by ourselves, we're on our own.

I see some other people are saying Yourdan only wrote what you could find in other books. Well maybe so, but he has a bibliography with 54 books in it, and I'm sure glad I didn't have to buy all those books and read them to understand what's going on. And it looks like he tracked down hundreds of newspaper and magazine articles to get the detailed information, and I sure don't have time to do that by myself.

Anyway, Yourdan really made me think about some stuff that I didn't even know about. Some of it doesn't matter very much in my life, especially because I don't even work in a computer job. But if God forbid there is another terrorist attack, and if it's a computer attack instead of planes flying into buildings, some of his ideas could really be important to me and my family. It doesn't matter to me if I agree with everything he says. The main thing is he made me THINK about some things.

Secure XML: The New Syntax for Signatures and Encryption

Average customer rating:

For an executive novice, this book shines
A much-needed book
With extensive discussion and practical examples
XML and cryptography?
The book on XML security

Secure XML: The New Syntax for Signatures and Encryption
Donald E. Eastlake , and Kitty Niles
Manufacturer: Pearson Education
ProductGroup: Book
Binding: Paperback

Network Security | Networking | Computers & Internet | Subjects | Books

General | Programming | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

jp-unknown1 | Specialty Stores | Books
Similar Items:

XML Security

ASIN: 0201756056

Customer Reviews:

For an executive novice, this book shines.......2003-03-18

In researching business requirements for enterprise web services, it soon became obvious that XML security would be an important issue.

I happened across this book, with a seemingly simple format and am impressed with the information it provides, the progression of information, and how well I was able to understand and comprehend the concepts detailed.

After reading serveral books on XML in general, I would recommend this book to anyone just wanting to learn XML concepts.

I wish more technical books gave me the same feeling of usefulness that this one gave me.

As they say in the movie industry... "An enthusiastic thumbs up"

A much-needed book.......2003-02-12

This is a great book. I rarely give a book 5 stars, but this one has earned it.

The author's technical and standards body background is a tremendous help in helping the reader sort out the substance from the hype. This book covers XML and cryptography basics, DTDs, XML Schema, XML digital signatures and encryption, and SOAP.

I like the author's comparisons of XML with other encoding schemes, particularly ASN.1 DER which is prevalent in the security standards world.

Also helpful are the author's "soapbox" comments, which handily dispel the notion that you should accept all parts of a standard as the absolute truth and the final word. For example, "X.500 identities are baroque hierarchical names in which each level of the hierarchy consists of an arbitrary, unordered set of attribute-value pairs. They are just one of the complexities and false assumptions (such as the assumption that everyone would allow themselves to be listed in one global public directory, including companies listing all their employees) that doomed the X.500 Directory as originally conceived". I love it!

You'd be hard pressed to go wrong with this book.

With extensive discussion and practical examples.......2002-10-08

Collaboratively written by Donald Eastlake (Co-chair of the joint IETF/W3C XML Digital Signature working group) and freelance technical writer Kitty Niles, Secure XML: The New Syntax for Signatures and Encryption is a solid, accessible, step-by-step guide to the processes for encrypting and ensuring security of XML applications. Individual chapters competently address canonicalization and authentication, encryption, cryptographic and non-cryptographic algorithms, and much, much more. Highly recommended for advanced XML users, Secure XML is a comprehensive, technically proficient, and detailed instructional resource and reference filled from cover to cover with extensive discussion and practical examples.

XML and cryptography?.......2002-10-07

Suppose you have XML data that you want to regularly
send to Bob, across the Internet. But it is of a
confidential nature, so you don't want to send it as
plaintext. Well, you can try using low level
encryptions, like SSL or TLS. But these don't give any
authentication, ie. Bob can't tell that you actually
sent them. Also, once Bob gets the messages, they are
all in plaintext, so he can't easily protect these
against others, if he is on a multiuser computer.

One answer is to incorporate encryption into XML, by
defining cryptographic standards that sit atop XML,
and generate XML documents with encrypted data. These
let you and Bob use powerful XML-based routines like
XPath, XLink and XPointer. Plus, you can now do things
like append your digital signature to your plaintext
file, encrypt the combination with Bob's public key,
and get a resultant XML document that you can send
Bob. Upon receipt, he can decrypt it and verify that
you are the author, all the while dealing with XML
documents.

This book explains the emerging XML standards that
make this possible. They discuss at a high level the
various cryptographic algorithms, like AES [Advanced
Encryption Standard], Diffie-Hellman and MD5. Little
mathematics is needed, as they leave the mechanics of
the algorithms to other books. Instead, they describe
the XML infrastructure that uses these.

The book has a necessarily comprehensive description
of canonicalisation; which refers to the rewriting of
an XML document in a standard form, prior to
encryption. Otherwise two semantically identical
documents would give different ciphertexts, which is
confusing.

If you have been wondering if you should encrypt your
XML documents, and how to do so, this book may clarify
many issues.

The book on XML security.......2002-09-30

When you read the XML specification, you will notice that it contains no notion of security. Critical security functionalities such as encryption, digital signatures, and authentication are simply not part of the XML standard. XML is similar to many other protocols, languages, and operating systems in that it was originally developed without any thought to security and privacy. It is only after serious security vulnerabilities are discovered and publicized that they are patched. But this find, patch, fix mentality of information security is dangerous in that security problems can exist for months or years before they are found.

Similarly within XML, much of the security functionality has been added post- facto, namely in Canonical XML, XML Signature, and XML Encryption Syntax and Processing. By adding security to the core feature set of XML, the W3C has ensured that,
to a degree, the find, patch, fix method won't be the manner in which XML security is developed. A good reference book can help you navigate this XML security landscape.

Topics such as authentication, encryption, XML signatures, algorithms, and keying are discussed. For the most part, the bulk of XML security is covered.

Donald Eastlake, the lead author of Secure XML: The New Syntax for Signatures and Encryption, is the co-chairman of the joint IETF/W3C XML Digital Signature working group, a member of the W3C Encryption and W3C XML Key Management System working groups, and co-author of the XML Digital Signature, XML Encryption, and XML Exclusive Canonicalization standards. It is clear that Eastlake lives and breathes XML. As Eastlake is a writer of numerous W3C XML standards, and standards are often written in a terse and abstract manner; his book has a slightly stiffer writing style than XML Security. If you can get over this style, you can appreciate the comprehensive and uthoritative look at XML the book provides from one of the key architects of the syntax.

Secure XML covers and details every XML security feature. Also, it spends a lot of time giving examples of syntax and language use. This is especially so in chapter 9, XML Canonicalization - The Key to Robustness. Canonicalization is the extraction of the standard form of some data and the discarding of insignificant aspects of the data's surface representations. The book notes that getting the right canonicalization is one of the most important, yet difficult aspects of digital authentication within XML. Chapter 10 goes into great detail about XML signatures and authentication. The chapter gives numerous code examples of various contexts, schemas, and elements that readers can use on their own XML servers. Chapter 10 also has numerous notes and historical information about XML security with information that can't be found elsewhere.

Long-Term Preservation of Digital Documents: Principles and Practices
Average customer rating:
Long-Term Preservation of Digital Documents: Principles and Practices
Uwe M. Borghoff , Peter Rödig , Jan Scheffczyk , and Lothar Schmitz
Manufacturer: Springer
ProductGroup: Book
Binding: Hardcover

Encryption | Security & Encryption | Web Development | Computers & Internet | Subjects | Books
DSPs | Microprocessors & System Design | Hardware | Computers & Internet | Subjects | Books
General | Computers & Internet | Subjects | Books
General | Databases | Computers & Internet | Subjects | Books
XML & Databases | Databases | Computers & Internet | Subjects | Books
General | Software | Computers & Internet | Subjects | Books
Look Inside Computer Books | Trip | Specialty Stores | Books
All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

Preserving Digital Information

Web Archiving

ASIN: 3540336397

Book Description

Key to our culture is that we can disseminate information, and then maintain and access it over time. While we are rapidly advancing from vulnerable physical solutions to superior, digital media, preserving and using data over the long term involves complicated research challenges and organization efforts.

Uwe Borghoff and his coauthors address the problem of storing, reading, and using digital data for periods longer than 50 years. They briefly describe several markup and document description languages like TIFF, PDF, HTML, and XML, explain the most important techniques such as migration and emulation, and present the OAIS (Open Archival Information System) Reference Model. To complement this background information on the technology issues the authors present the most relevant international preservation projects, such as the Dublin Core Metadata Initiative, and experiences from sample projects run by the Cornell University Library and the National Library of the Netherlands. A rated survey list of available systems and tools completes the book.

With this broad overview, the authors address librarians who preserve our digital heritage, computer scientists who develop technologies that access data, and information managers engaged with the social and methodological requirements of long-term information access.

Average customer rating:

Excellent and the only book of its kind, though a minor bias
Application specific content
Excellent book on XML security
Slight vendor bias - excellent info + W3C spec coverage

XML Security
Blake Dournaee
Manufacturer: McGraw-Hill Osborne Media
ProductGroup: Book
Binding: Paperback

Network Security | Networking | Computers & Internet | Subjects | Books

General | Programming | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Databases | Computers & Internet | Subjects | Books

XML & Databases | Databases | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

General | Law | Subjects | Books

General | Law | Professional & Technical | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Business & Investing | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books

Professional | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

Web Services Security
Secure XML: The New Syntax for Signatures and Encryption
Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption
Service-Oriented Architecture (SOA): Concepts, Technology, and Design (The Prentice Hall Service-Oriented Computing Series from Thomas Erl)

ASIN: 0072193999

Book Description

Use this book as both an XML primer and to get up to speed on XML-related security issues. Written by the experts at RSA Security, Inc., you’ll get inside tips on how to prevent denial of service attacks, and how to implement security measures to keep your XML programs protected.

Download Description

Get up to speed on XML and applied security technologies using this authoritative guide. Covering the fundamentals of XML structures and related security technologies--including XML signatures, XML encryption, and the XML key management specification--this resource contains both the conceptual information and the practical techniques you need to successfully work with this data-structuring language.

Customer Reviews:

Excellent and the only book of its kind, though a minor bias.......2004-10-09

For long I have been looking for a book on XML security. Always ended up with the web-literature only. But since I bought this book, its been very helpful in understanding what seems like a complicated concept.

One issue was that the URL link to download the Cert-J SDK does not work. in the sense,the survey on the link goes in circles. I could not reach the operator either to get my hands on SDK to try it out. So, am trying out the Apache XML security suite for now.
It will be great if I can get the Cert-J as well.

thanx guys for a focussed and great book

Application specific content.......2004-09-28

The above book is full of information with regards to XML Security and it's implementations. However, I found it to be VERY application oriented towards RSA's own Bsafe product Cert-J.

If you are interested in utilizing a C or C++ parser you should look for a different book. But, if you will be developing and/or utilizing XML via a Java-based program; this is definitly the book for you.

Excellent book on XML security.......2002-09-30

XML Security is a reader friendly title and focuses more on the implementation of XML. For readers looking for ways to use XML and less coding examples, XML Security is more useful book. The author, Blake Dournaee, is an employee of RSA Security, and the book is an RSA Press imprint. Furthermore, Chapter 8, the book's longest chapter, is about XML Signatures implementing the RSA BSAFE(c) Cert-J toolkit. Even with the RSA vendor bias, XML Security provides a good reference to the XML security functionality.

This book spends more time introducing the reader to security concepts, and Chapters 2 and 3 (Security Primer and XML Primer) provide the reader with a good overview about all of the significant concepts involved. Chapter 6 provides a plethora of XML signature examples. As XML signatures are rich in their features and syntax, combined with the vast number of elements and permutations of those elements, it can be quite difficult for someone to understand how to properly use XML signatures. Chapter 6 provides 14 different scenarios and their proposed solutions. These scenarios range from adding a single signature to a basic XML document, to adding multiple types of signatures to various documents. For readers who need good hands-on examples, Chapter 6 is worth the price of the book alone.

Slight vendor bias - excellent info + W3C spec coverage.......2002-07-01

Given the fact that XML is a key component of web services, and extensively used in e-commerce and enterprise applications integration, this book addresses a genuinely important topic. For one reason, XML is text-based and can expose proprietary information, which is a vulnerability for competitive intelligence specialists and corporate spying.

Before going into what the book contains it's important to know that much of the material is based on RSA's view of the security. This isn't a criticism, but an up-front statement of fact because if you're looking for a book that is 100% vendor neutral you are going to have to wait until one is written - this is the only book I know of that is solely about XML security.

The book starts with primers on security and XML to set the context. It then covers, in succession, digital signatures (chapters 4, 5 and 6), and XML encryption. These chapters are consistent with work and specifications produced by XML Signature WG (joint the Working Group IETF and W3C for digital signatures) and the W3C working group for XML Encryption.

Chapter 8 is specific to RSA products. It shows how to implement XML encryption using RSA BSAFE© Cert-J, which can be downloaded in a trial version from RSA's website. Chapter 9 covers XML key management specification, which are consistent with the W3C working group's specifications, and how XML security relates to web services.

Amazon.com

By tapping the strengths of the open-source movement, developers can write custom Linux software without spending a dime on licensing fees. Aimed at the experienced C/C++ programmer, Professional Linux Programming provides a wide-ranging and hands-on guide to the different pieces of the puzzle that are required to program successfully on this exciting new platform.

The book is framed as a case study for building a custom database program in Linux for a video rental store. After a tour of the requirements and a brief look at project management for creating this software, the various Linux packages that are needed to implement this system are described, along with sample code, most of which is written in C. Some packages, such as the CVS version-control package, come with most distributions of Linux; others will require downloading additional software over the Internet. In every case, you're provided with the actual command-line arguments that are needed to install, configure, and run each package.

Besides a great exploration of CVS for version control, this title offers excellent coverage of the free PostgreSQL and MySQL databases, which are two very popular choices for Linux databases. The book also does a good job of explaining UI design under both the GTK+/GNOME and KDE (two popular Linux desktops), and how to extend the reach of the sample database application by using Remote Procedure Calls (RPCs) and CORBA. Of course, the finished application doesn't use every Linux API that's covered here, but the book does cast a wide net, and introduces features and tools that are available.

Two prominent chapters take you on a tour of the essentials of other programming languages. There's PHP for Web development and an appealing, enthusiastic introduction to Python (which probably will turn you into a Python convert). Later chapters provide practical tips for testing and debugging applications, including how to profile your code. The book closes with a useful guide to creating Red Hat Package Manager (RPM) packages for deploying applications, as well as an overview of your options for internationalization.

By covering so many APIs, languages, and tools effectively, Professional Linux Programming gives experienced C/C++ programmers all that they need to get started with Linux development. With its remarkably clear presentation style and abundance of practical tips, the book is an admirably useful blueprint for building custom software. --Richard Dragan

Topics covered:

Introduction to open-source software and Linux requirements
Use cases and sample C objects for sample video rental store
Version control and CVS (command-line options, revisions, branches, and multiuser version control)
Open-source freeware packages compared (mSQL, MySQL, and PostgreSQL)
Introduction to databases
Installing and using PostgreSQL
Tutorial on psql SQL
PostgreSQL C database APIs using libcq and embedded SQL calls with ECPG
Installing and using MySQL (command-line utilities and C database APIs)
Debugging with gdb
Introduction and tutorial to UI programming with glib
GTK+ and GNOME
Source trees and GNOME
UI design with Glade
Testing strategies (including regression testing, profiling, and memory bounds checking)
KDE/Qt UI programming
Introduction and quick tutorial to Python (keywords and basic syntax)
PHP for Web programming
Introduction to Remote Procedure Calls (RPCs) and CORBA
XML basics (document structure, parsing, and libxml)
Strategies for documentation (including custom man pages)
Distributing Linux applications with Red Hat Package Manager (RPM) packages
Code patches

Book Description

As Linux increases its presence throughout the world as a target platform for professional application development, its growth as a powerful, flexible system offering many free development tools assures its place in the future. By giving you easy access to this comprehensive range of tools, supporting new and nascent technologies, at little or no cost, developing with Linux allows you to apply the solution that's right for you.

In this follow-up to the best-selling Beginning Linux Programming, you will learn from the authors' real-world knowledge and experience of developing software for Linux; you'll be taken through the development of a sample 'DVD Store' application, with 'theme' chapters addressing different aspects of its implementation. Meanwhile, individual 'take-a-break' chapters cover important topics that go beyond the bounds of the central theme. All focus on the practical aspects of programming, showing how crucial it is to choose the right tools for the job, use them as they should be used, and get things right first time.

Who is this book for?

Experienced Linux programmers and aspiring developers alike will find a great deal of practical information in this book on libraries, techniques, tools and applications. You should be familiar with a simple Linux system, have a good working knowledge of programming in C, and a basic understanding of object-oriented programming with C++ for the Qt/KDE chapters.

What does this book cover?

Data storage in Linux - including coverage of PostgreSQL, MySQL and XML

Implementation of Linux GUIs - covering both KDE and GNOME

Web-based interfaces - using the PHP module for Apache

Python - including extending and embedding the language

Using RPC and CORBA to construct distributed object-based applications

Versioning (with CVS), documentation, internationalization and project distribution

Distributed hardware solutions such as diskless Linux and Beowulf clustering

Customer Reviews:

heavy reading.......2002-04-16

The biggest problem I have with this book is its weight. It's just too big and clunky to hold up to read. Splitting into two bindings would have been nice. But it does cover a lot and it needs to be large to do so.

Good reference.......2001-09-08

I bought the Beginners Guide to Linux Programming and I really liked that book. This book is a very good follow-up, but it doesn't give the reader more programming tips.
It covers many topics which makes this book a great reference for anyone who deals with Linux and even other flavors of Unix on a day to day basic. Buy this book if you are looking for a reference book on developing software on Linux that covers advanced topics.

Good reference for a wide range of Open Source technologies.......2001-01-02

This book is a follow-up to Beginning Linux Programming, but with a wider range of authors. The book is a series of chapters on various tools and applications, all of them Open Source, based mainly round things that application developers might use, though there is a single chapter on device drivers.

Most topics only get a single chapter, so there isn't as much depth as you would find in a dedicated book on each topic, but there is a very wide range of material all covered in enough depth to get the more experienced programmer started with a new topic. There are one or two weaker areas, but overall a good choice of material succinctly presented for the more experienced application developer. I've given it 5 stars as it was exactly what I was looking for - a single reference to help me create a Linux-based web database application, your mileage may vary. I recommend you at least consider it.

Excellent book for developing real-world linux solutions.......2000-12-30

This book is the sequel to the excellent' Beginning Linux Programming'. It isn't a book for kernel hackers, and it doesn't pretend to be. (There is a book being written by kernel developers called' Professional Linux Kernel Programming' - make sure that you order the correct one!). Instead, this heavyweight book is a very useful guide for those wishing to develop real world applications. It covers the tools used for developing serious web applications, such as the databases MySQL and PostgreSQL, and the excellent PHP language. When it comes to desktop and client server you are spoilt for choice - just about everything is covered. It is especially nice to see Python content - one of the areas missing from their first book as Python is very easy to learn and both powerful and flexible. If anything else was covered I'm not sure how the publishers would bind it! The level of detail is such that the reader will be able to achieve useful results based on the book alone, and any further detail is usually available as part of the documentation supplied when installing the software tools. Single subject books often just duplicate this, and quickly become dated. Where there are references to other books, it is nice to see that it is not just Wrox books which are recommended. The book is written in a style which is both readable and serves as a useful reference work, spending more time next to my computer than it does collecting dust on a shelf. I'd have no hesitation recommending this book to anyone wishing to develop Linux solutions for today and for the future - throw away those VB books now!

Not for the Kernel Hack.......2000-12-18

If you are looking for information on hacking the Linux Kernel then this book is not for you. Also it shows a total bias towards GTK/GNOME and PostgreSQL. There are places in the text which shows a complete lack of understanding of the subject under discussion. Information concerning MySQL is at best inaccurate and totally misleading. The treatment of KDE and Qt is very scant. Overall this book falls very short of expectations. It trys to be all things to men but ends up being nothing. Very disappointing indeed

Average customer rating:

SOA Security
Ramarao Kanneganti , and Prasad Chodavarapu
Manufacturer: Manning Publications
ProductGroup: Book
Binding: Paperback

Web Services | Web Development | Computers & Internet | Subjects | Books

Privacy | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Programming | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books
Similar Items:

Core Security Patterns: Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management (Core Series)
Service-Oriented Architecture (SOA): A Planning and Implementation Guide for Business and Technology
SOA Principles of Service Design (The Prentice Hall Service-Oriented Computing Series from Thomas Erl)
Fast SOA: The way to use native XML technology to achieve Service Oriented Architecture governance, scalability, and performance (The Morgan Kaufmann Series in Data Management Systems)
Service-Oriented Architecture (SOA): Concepts, Technology, and Design (The Prentice Hall Service-Oriented Computing Series from Thomas Erl)

ASIN: 1932394680

Book Description

SOA is one of the latest technologies enterprises are using to tame their software costs - in development, deployment, and management. SOA makes integration easy, helping enterprises not only better utilize their existing investments in applications and infrastructure, but also open up new business opportunities. However, one of the big stumbling blocks in executing SOA is security. This book addresses Security in SOA with detailed examples illustrating the theory, industry standards and best practices.

It is true that security is important in any system. SOA brings in additional security concerns as well rising out of the very openness that makes it attractive. If we apply security principles blindly, we shut ourselves of the benefits of SOA. Therefore, we need to understand which security models and techniques are right for SOA. This book provides such an understanding.

Usually, security is seen as an esoteric topic that is better left to experts. While it is true that security requires expert attention, everybody, including software developers, designers, architects, IT administrators and managers need to do tasks that require very good understanding of security topics. Fortunately, traditional security techniques have been around long enough for people to understand and apply them in practice. This, however, is not the case with SOA Security.

Anyone seeking to implement SOA Security is today forced to dig through a maze of inter-dependent specifications and API docs that assume a lot of prior experience on the part of readers. Getting started on a project is hence proving to be a huge challenge to practitioners. This book seeks to change that. It provides bottom-up understanding of security techniques appropriate for use in SOA without assuming any prior familiarity with security topics on the part of the reader.

Unlike most other books about SOA that merely describe the standards, this book helps you get started immediately by walking you through sample code that illustrates how real life problems can be solved using the techniques and best practices described in standards. Whereas standards discuss all possible variations of each security technique, this book focusses on the 20% of variations that are used 80% of the time. This keeps the material covered in the book simple as well as self-sufficient for all readers except the most advanced.

Professional Web Services Security
Average customer rating:

Not a practical book for building XML security.

At last a decent Web Services Security Book

Finally a book that covers Web Services Security!

Professional Web Services Security
Ben Galbraith , Whitney Hankison , Andre Hiotis , Murali Janakiraman , D. V. Prasad , Ravi Trivedi , and Whitney
Manufacturer: Wrox Press
ProductGroup: Book
Binding: Paperback

General | Java | Programming | Computers & Internet | Subjects | Books
General | Programming | Computers & Internet | Subjects | Books
Encryption | Security & Encryption | Web Development | Computers & Internet | Subjects | Books
Web Services | Web Development | Computers & Internet | Subjects | Books
Network Security | Networking | Computers & Internet | Subjects | Books
General | Computers & Internet | Subjects | Books
General | Software | Computers & Internet | Subjects | Books
Similar Items:

Inside Java 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition)

Beginning Cryptography with Java

ASIN: 1861007655

Book Description

Web Services is a new paradigm that has evolved over the years. With successful demonstration of its proof of concept, Web Services are gradually moving towards occupying an important mechanism for e-commerce, because of the industry's awareness of its potential for integration. This book presents secure web services for e-commerce along with their implementation details. Security is a not only a prime requirement to implement e-business, but also an important concern due to the fact that Web Services can penetrate through firewalls. XML based standards have evolved to cater to the security needs in Web Services, to supplement traditional proven techniques.

Customer Reviews:

Not a practical book for building XML security........2003-01-28

I bought this out of curiosity especially to build XML element level security using SAML, XKMS and XACML.
- This book just reproduced the SAML, XKMS and XACML specs and examples and it does'nt discuss real world implementation scenarios. Which is quite disappointing !
- No discussion on how to create Interoperable Web services security involving Microsoft .NET and J2EE Web services.
- No discussion on implementing Liberty Alliance and Passport.

At last a decent Web Services Security Book.......2003-01-18

At last I have found a decent web services security book. Professional Web Services Security by Wrox. I really like this book as it covers all the specs including WS-Security, SAML and Liberty and all the XML specs including XKMS, XACML, XML Sig, XML Encryption etc. It also has great code examples of using each which is really useful. The best content and broadest coverage I have seen so far (and I have bought a good few to date).

Only criticism is no .NET passport. If you like MS or not its an important spec and should be included.

Finally a book that covers Web Services Security!.......2002-12-26

If you look at all the currently available books on Web Services with titles like Essential Web Services, Web Services Architecture or Building Web Services, all of them have absolutely no coverage of security or have a very thin chapter at the end of their book that talks about SSL. Even WROX's XML Web Services lacks in this area. I am glad to see that WROX filled this void.

The pro's of this book:
-Good coverage of the current security standards such as SSL, XML Signatures, XML Encryption, P3P and XML Key Management.
-Good coverage of the emerging security standards such as SAML and XACML.
-Not a rehash of the specification's but a fairly good attempt to explain and provide good visual examples. This is always the challenge, the more detail you provide the closer you get to repeating the specification specially on the more recent specifications like XACML.
-Well written, good layout, flows well from chapter to chapter.
-Good intermediate book. For advanced security readers, I guess it's best to read the specification.

The con's of this book:
-Table of content on the web says that Chapter 11 is on Secured Web Services but the book actually covers WS-Security. I was very interested in WS-Security with all the different pieces. I was expecting much more from this chapter. It was very short and missed the mark on this very interesting topic.
-I would have liked to see the case study's make use of all the security standards discussed in the book not just a few.
-I would have liked to see a chapter that tied all these topics together in more detail and also discuss other security standards that were not covered and how this all fits with the current Web Services standards.

Business Wire : DataPower's XML Web Services Security Standards Leadership Continueswith Success at W3C XKMS Interoperability Test.
Average customer rating:
Business Wire : DataPower's XML Web Services Security Standards Leadership Continueswith Success at W3C XKMS Interoperability Test.

Manufacturer: Business Wire
ProductGroup: Book
Binding: Digital

General | Business & Investing | Subjects | Books
General | Business & Investing | Subjects | e-Docs | Formats | Books
ASIN: B0007UUZ1W
Release Date: 2005-03-11

Book Description

Word count: 690.

Books:

Books Index

Books Home

Recommended Books