Security for Service Oriented Architectures

Author:
Walt Williams
Date:
March 2014
ISBN:
1466584025

Description

Although integrating security into the design of applications has proven to deliver resilient products, there are few books available that provide guidance on how to incorporate security into the design of an application. Filling this need, Security for Service Oriented Architectures examines both application and security architectures and illustrates the relationship between the two.

Supplying authoritative guidance on how to design distributed and resilient applications, the book provides an overview of the standards that service-oriented and distributed applications rely on, including SOAP, HTML5, SAML, XML Encryption, XML Signature, WS-Security, and WS-SecureConversation. It examines emerging privacy issues and discusses how to design applications within a secure context, giving readers the understanding of these technologies they need to make informed decisions about their design.

Table of Contents

1 Introduction

2 Four Kinds of Architectures
2.1 Architecture
2.2 Infrastructure
2.3 Software Architectures
2.3.1 Key Principles
2.3.2 Presentation Layer
2.3.3 Business Layer
2.3.4 Data Layer
2.3.5 Workflow
2.3.6 Communications and Messaging
2.3.7 Service Layer
2.4 Service-Oriented Architecture
2.4.1 Distributed Computing and Services
2.4.2 Process-Oriented SOA
2.4.3 Web Services or an Externally Focused SOA
2.4.4 Enterprise Service Bus
2.5 Security Architecture
2.5.1 Construction of a Security Architecture
2.5.2 Risk Management
2.5.3 Organization and Management
2.5.4 Third Parties
2.5.5 Asset Management
2.5.6 Information Classification
2.5.7 Identity Management
2.5.8 Security Awareness and Training
2.5.9 Physical Security
2.5.10 Communications and Operations Management
2.5.11 Perimeters and Partitioning
2.5.12 Access Control
2.5.13 Authentication
2.5.14 Authorization
2.5.15 Separation of Duties
2.5.16 Principles of Least Privilege and Least Authority
2.5.17 Systems Acquisition, Development, and Maintenance
2.5.18 Confidentiality Models
2.5.18.1 Lattice Models
2.5.19 Nonrepudiation
2.5.20 Integrity Models
2.5.21 Service Clark–Wilson Integrity Model
2.5.22 Security Assessments and Audits
2.5.23 Incident Management
2.5.24 Business Continuity
2.5.25 Compliance
2.6 Data Architectures

3 Implementing and Securing SOA
3.1 Web Services
3.2 Extensible Markup Language
3.2.1 Signing XML
3.2.1.1 XML Digital Signature
3.2.2 XML Encryption
3.2.3 Key Management
3.2.3.1 Key Information
3.2.3.2 Location
3.2.3.3 Validation
3.2.3.4 Binding
3.2.3.5 Key Registration
3.2.4 XML and Databases
3.2.4.1 A Database Query Language for XML
3.2.4.2 XML Databases
3.2.5 UDDI
3.2.6 WSDL
3.3 SOAP
3.3.1 SOAP Roles and Nodes
3.3.2 SOAP Header Blocks
3.3.3 SOAP Fault
3.3.4 SOAP Data Model
3.3.5 SOAP Encoding
3.3.6 Bindings
3.3.7 Documents and RPC
3.3.8 Messaging
3.4 WS-Security
3.4.1 WS-Trust
3.4.2 WS-Policy
3.4.3 WS-SecureConversation
3.4.4 WS-Privacy and the P3P Framework
3.4.4.1 Policies
3.4.5 WS-Federation
3.4.5.1 Pseudonyms
3.4.5.2 Authorization
3.4.6 Authorization without WS-Federation
3.4.7 WS-Addressing
3.4.8 WS-ReliableMessaging
3.4.9 WS-Coordination
3.4.10 WS-Transaction
3.5 SAML
3.5.1 Assertions
3.5.2 Protocol
3.5.2.1 Assertion Query and Request Protocol
3.5.2.2 Authentication Request Protocol
3.5.2.3 Artifact Resolution Protocol
3.5.2.4 Name Identifier Management Protocol
3.5.2.5 Single-Logout Protocol
3.5.2.6 Name Identifier Mapping Protocol
3.5.3 Authentication Context
3.5.4 Bindings
3.5.5 Profiles
3.5.6 Metadata
3.5.7 Versions
3.5.8 Security and Privacy Considerations
3.6 Kerberos
3.7 X.509v3 Certificates
3.8 OpenID

4 Web 2.0
4.1 HTTP
4.2 REST
4.3 WebSockets

5 Other SOA Platforms
5.1 DCOM
5.2 CORBA
5.3 DDS
5.4 WCF
5.5 .NET Passport and Windows Live ID
5.6 WS-BPEL

6 Auditing Service-Oriented Architectures
6.1 Penetration Testing
6.1.1 Reconnaissance
6.1.2 Injection Attacks
6.1.3 Attacking Authentication
6.1.4 Attacking Authorization
6.1.5 Denial-of-Service Attacks
6.1.6 Data Integrity
6.1.7 Malicious Use of Service or Logic Attacks
6.1.8 Poisoning XML Schemas

7 Defending and Detecting Attacks
7.1 SSL/TLS
7.2 Firewalls, IDS, and IPS

8 Architecture
8.1 Example 1
8.2 Example 2
8.3 Example 3
8.4 Example 4

Bibliography

Index
