Training

 

 

Popular Courses

Browse Our Free Resources

  • whitepapers
  • whitepapers
  • webinars
  • blogs

Our Locations

Training Centres

Vancouver, BC
Calgary, AB
Edmonton, AB
Toronto, ON
Ottawa, ON
Montreal, QC
Hunt Valley
Columbia

locations map

Calgary

550 6th Av SW
Suite 475
Calgary, AB
T2P 0S2

Toronto

821A Bloor Street West
Toronto, ON
M6G 1M1

Vancouver

409 Granville St
Suite 902
Vancouver, BC
V6C 1T2

U.S. Office

436 York Road
Suite 1
Jenkintown, PA
19046

Other Locations

Dallas, TX
Miami, FL

Home > Training > SOA for Architects > Securing the Service Oriented Enterprise Training

Securing the Service Oriented Enterprise Training

Quick Enroll

Course#: WA1565

This 1-day course will prepare you to identify, define, diagnose, and implement a comprehensive security strategy for a Service Oriented Architecture (SOA) initiative. SOA opens up a whole realm of security issues due to its ubiquity, decentralization, distributed, and even federated nature. Students will be exposed to a broad range of enterprise SOA security subjects, providing a solid foundational understanding of valid and in-valid approaches to designing and implementing SOA security.

Concepts in this course are re-enforced through a combination of group discussion, live demos and daily reviews.

Topics
 
  • Securing the Service Oriented Enterprise
  • Security Patterns within SOA
  • Service Layers
  • SOA Security Layering
  • Applying Traditional Security to SOA
  • SOA Security Standards
  • SOAP Primer
  • Digging into WS-Security
  • Advanced SOA Security
  • SOA Security Threats and Countermeasures
  • Governing SOA Security
  • SOA Security Tools
Audience
 

Security architects, analysts, and managers as well as system architects and application developers.

Prerequisites
 

Familiarity with SOA core concepts and elements required. Also a working knowledge of basic enterprise security principles and terminology highly recommended.

Duration
  One day

Outline of WA1565 Securing the Service Oriented Enterprise Training

1. SOA Security Overview

 
  • Objectives
  • Traditional systems
  • Loosely-coupled systems
  • Risks of loosely-coupled services
  • SOA Security Concerns
  • Security Stack: Web services
  • Security Stack: Other services
  • Discussion Question
  • Summary
 

2. Security Patterns

 
  • Objectives
  • Service bus security
  • Service bus security layers
  • Application-managed security
  • Security as a service
  • Reverse Proxy
  • ESB Gateway
  • Discussion Question
  • Summary
 

3. Security Layering

 
  • Objectives
  • SOA Layers
  • Security Layering
  • Policy-driven Security
  • PEP/PDP in Action
  • Separation of concerns
  • Loosely-coupled security layer
  • SES/SDS in Action
  • Layering and service granularity
  • Security Service Granularity
  • Process-centric Security
  • Discussion Question
  • Summary
 

4. Applying Traditional Security to SOA

 
  • Objectives
  • Public Key Infrastructure (PKI)
  • Digital Signature
  • Digital Signature Process
  • Certificates
  • Authentication
  • Basic HTTP Authentication
  • Secure Socket Layer (SSL)
  • Basic Authentication Over HTTPS
  • Securing non-HTTP Traffic
  • Summary
 

5. SOA Security Standards

 
  • Objectives
  • WS-Security
  • XML Encryption & Signature
  • SAML
  • WS-Trust
  • WS-Trust Interoperability
  • WS-Federation
  • WS-SecureConversation
  • Web Services Policy Framework
  • WS-SecurityPolicy
  • Security Standards Review
  • Summary
 

6. Simple Object Access Protocol (SOAP)

 
  • Objectives
  • SOAP Overview
  • SOAP in Protocol Stack
  • SOAP Components
  • SOAP HTTP Request Example
  • SOAP HTTP Response Example
  • Message Envelope
  • The Header Element
  • Header Attributes
  • SOAP Body
  • SOAP Fault
  • Communication Style
  • RPC/Encoded Style
  • RPC/Literal Style
  • Enabling RPC Styles
  • Document/Literal Style
  • Document/Literal Wrapped Style
  • Details of the Wrapped Style
  • Enabling Document Literal Style
  • Summary
 

7. SOA Security Standards

 
  • Objectives
  • SOA Security Model
  • SOA Security Policies
  • Transport Level Security Policy
  • Message Level Security Policy
  • Data Level Security Policy
  • Overview of Web Services Security
  • Securing XML Data
  • XML Digital Signatures
  • XML Encryption
  • WS-Security Tokens
  • WS-Security Considerations
  • Putting it all together
  • Phase 1: The Service-side
  • Phase 1: Build a secure service
  • Phase 2: The Client
  • Phase 2: Build a secure client
  • Phase 3: Production
  • Audit Tracking
  • Identity Assertion Using SAML
  • SAML SOAP Example
  • Summary
 

8. SOA Security Threats and Countermeasures

 
  • Objectives
  • The Price of Open Standards
  • Generic Vulnerabilities
  • XML-specific Attacks
  • Countermeasures
  • Summary
 

9. Governing SOA Security

 
  • Objectives
  • Security Governance
  • Collecting Security Requirements
  • Policies and Contract Management
  • Policy and Contract Management
  • SOA Security Lifecycle
  • Governance Model Overview
  • Models for Governing Security
  • Discussion Question
  • Summary
 

Appendix A. Glossary

 
  • Glossary
  • Glossary
  • Glossary
  • Glossary
 

Appendix B. Introduction to Web Services

 
  • Objectives
  • A Conceptual Look at Services
  • Defining Services
  • SOA Runtime Implementation
  • SOA Runtime Implementation
  • What is a Web Service?
  • Enterprise Assets as Services
  • Typical Development Workflow
  • Advantages of Web Services
  • Web Service Business Models
  • Case Study: Internal System Integration
  • Case Study: Business Process Externalization
  • SOAP Overview
  • SOAP in Protocol Stack
  • SOAP Structure
  • SOAP Message Architecture
  • Applying SOAP
  • WSDL Overview
  • WSDL Structure
  • Applying WSDL
  • UDDI Overview
  • UDDI Terminology
  • UDDI Structure
  • Locating a Service
  • Applying UDDI
  • WS-I Overview
  • WS-I Deliverables
  • Summary
Address Start Date End Date
Instructor Led Virtual 11/27/2017 11/27/2017
We regularly offer classes in these and other cities. Atlanta, Austin, Baltimore, Calgary, Chicago, Cleveland, Dallas, Denver, Detroit, Houston, Jacksonville, Miami, Montreal, New York City, Orlando, Ottawa, Philadelphia, Phoenix, Pittsburgh, Seattle, Toronto, Vancouver, Washington DC.
*Your name:

*Your e-mail:

*Phone:

*Company name:

Additional notes:

We have received your message. A sales representative will contact you soon.

Thank you!.

more details
buy this course

11/27/2017 - Online Virtual
$650.00
Enroll

Register for a courseware sample

It's simple, and free.

 

Thank You!

You will receive an email shortly containing a link to download the requested sample of the labs for this course.