WA1565 Securing the Service Oriented Enterprise Training and Courseware Course Outline

WA1565 Securing the Service Oriented Enterprise Training and Courseware Course Outline

1. SOA Security Overview
	Objectives Traditional systems Loosely-coupled systems Risks of loosely-coupled services SOA Security Concerns Security Stack: Web services Security Stack: Other services Discussion Question Summary

2. Security Patterns
	Objectives Service bus security Service bus security layers Application-managed security Security as a service Reverse Proxy ESB Gateway Discussion Question Summary

3. Security Layering
	Objectives SOA Layers Security Layering Policy-driven Security PEP/PDP in Action Separation of concerns Loosely-coupled security layer SES/SDS in Action Layering and service granularity Security Service Granularity Process-centric Security Discussion Question Summary

4. Applying Traditional Security to SOA
	Objectives Public Key Infrastructure (PKI) Digital Signature Digital Signature Process Certificates Authentication Basic HTTP Authentication Secure Socket Layer (SSL) Basic Authentication Over HTTPS Securing non-HTTP Traffic Summary

5. SOA Security Standards
	Objectives WS-Security XML Encryption & Signature SAML WS-Trust WS-Trust Interoperability WS-Federation WS-SecureConversation Web Services Policy Framework WS-SecurityPolicy Security Standards Review Summary

6. Simple Object Access Protocol (SOAP)
	Objectives SOAP Overview SOAP in Protocol Stack SOAP Components SOAP HTTP Request Example SOAP HTTP Response Example Message Envelope The Header Element Header Attributes SOAP Body SOAP Fault Communication Style RPC/Encoded Style RPC/Literal Style Enabling RPC Styles Document/Literal Style Document/Literal Wrapped Style Details of the Wrapped Style Enabling Document Literal Style Summary

7. SOA Security Standards
	Objectives SOA Security Model SOA Security Policies Transport Level Security Policy Message Level Security Policy Data Level Security Policy Overview of Web Services Security Securing XML Data XML Digital Signatures XML Encryption WS-Security Tokens WS-Security Considerations Putting it all together Phase 1: The Service-side Phase 1: Build a secure service Phase 2: The Client Phase 2: Build a secure client Phase 3: Production Audit Tracking Identity Assertion Using SAML SAML SOAP Example Summary

8. SOA Security Threats and Countermeasures
	Objectives The Price of Open Standards Generic Vulnerabilities XML-specific Attacks Countermeasures Summary

9. Governing SOA Security
	Objectives Security Governance Collecting Security Requirements Policies and Contract Management Policy and Contract Management SOA Security Lifecycle Governance Model Overview Models for Governing Security Discussion Question Summary

Appendix A. Glossary
	Glossary Glossary Glossary Glossary

Appendix B. Introduction to Web Services
	Objectives A Conceptual Look at Services Defining Services SOA Runtime Implementation SOA Runtime Implementation What is a Web Service? Enterprise Assets as Services Typical Development Workflow Advantages of Web Services Web Service Business Models Case Study: Internal System Integration Case Study: Business Process Externalization SOAP Overview SOAP in Protocol Stack SOAP Structure SOAP Message Architecture Applying SOAP WSDL Overview WSDL Structure Applying WSDL UDDI Overview UDDI Terminology UDDI Structure Locating a Service Applying UDDI WS-I Overview WS-I Deliverables Summary

WA1565 Securing the Service Oriented Enterprise Training and Courseware Course Outline

1. SOA Security Overview

2. Security Patterns

3. Security Layering

4. Applying Traditional Security to SOA

5. SOA Security Standards

6. Simple Object Access Protocol (SOAP)

7. SOA Security Standards

8. SOA Security Threats and Countermeasures

9. Governing SOA Security

Appendix A. Glossary

Appendix B. Introduction to Web Services