SOA for Security Professionals Training

This 2-day course will introduce you to the world of service orientation and prepare you to identify, define, diagnose, and implement a comprehensive security strategy for a Service Oriented Architecture (SOA) initiative. SOA opens up a whole realm of security issues due to its ubiquity, decentralization, distributed, and even federated nature. Students will be exposed to a broad range of service orientation topics and enterprise SOA security [..]

Introduction Course Outline

Topics
	SOA Fundamentals Service Layering SOA Value Proposition Enterprise Service Bus (ESB) Service Registries Information Management Securing the Service Oriented Enterprise Security Patterns within SOA Service Layers SOA Security Layering Applying Traditional Security to SOA SOA Security Standards SOAP Primer Digging into WS-Security SOA Security Threats and Countermeasures Governing SOA Security

Audience
	Security architects, analysts, and managers as well as system architects and application developers.

Prerequisites
	A working knowledge of basic enterprise security principles and terminology highly recommended.

Duration
	Two days.

Outline for SOA for Security Professionals Training

1. SOA Fundamentals
	Objectives SOA in Context SOA Job Role Impact Service Oriented Architecture The SOA Umbrella SOA and Business Process Management BPM Value Add SOA Governance SOA Governance Model What s a Service? Example Services Service Actors SOA Motivation SOA s Goal The Value of Transitioning from Applications to Services Is this a New Concept? Service Orienting the Enterprise Service Characteristics About Services in SOA Contract-driven software Elements of a Service What is a Web Service? How Web Services Work Web Service Standards SOA Standards SOA Capabilities Service Oriented Thinking Summary

2. Layers of Services
	Objectives What is Layering? SOA Layers Common Layers Auxiliary Layers Digesting the Layers The Application Service Layer The Business Service Layer The Orchestration Layer Layering Rules of Thumb SOA User Interface Portal Site's Context Awareness Web 2.0 Data Aggregation Summary

3. SOA Value Proposition
	Objectives The SOA Value Proposition Reducing integration expense Integration costs illustration Ripple effect of changes The value of SOA layering SOA reduces integration costs Increasing asset reuse Asset reuse illustration Increasing business agility Business Agility Illustration Traditional EAI Approach Problems with Traditional EAI Approach Change Flow Using Legacy Approach SOA Agility Build the Services Build the Process We Can Easily Change the Process Reducing business risk Risk reduction illustration SOA Eases Compliance Risk Other Advantages Business Advantages Hasn t this been said before? Hasn t this been said before? ROI Quantification Hurdles Real World SOA Example 1 Real World SOA Example 2 Real World SOA Example 3 Real World SOA Example 4 Summary

4. Overview of Service Registries
	Objectives Services Registry Why Do We Need a Service Registry? Main Activities Done Using a Registry Publish Discovery Dynamic Discovery Management Enforce Governance Lifecycle SOA Registry Products Summary

5. Enterprise Service Bus (ESB)
	Objectives SOA and the ESB Pattern Loose Coupling Service Invocation Business Process Data Integration Enterprise Service Bus (ESB) Legacy System Integration Unsupported Protocol The Role of ESB in SOA ESB: Software Artifacts ESB - Software Artifacts Business Process Business Process: Example Minimum ESB Capabilities Minimum ESB Capabilities: Integration Minimum ESB Capabilities: Communication Minimum ESB Capabilities: Service Interaction Minimum ESB Capabilities: Management Security and ESB Summary

6. Information Management in SOA
	Objectives Introduction SOA and Enterprise Information Management Operational Data Replication Basics SOA and Data Basics Data Publishing Event Modeling Events Handling Events in a BPEL Process Data Mediation Data Format Generic Data Model Example Generic Data Model Mapping Data Loading Data Extract Transform Loading (ETL) ETL and SOA Data Federation Summary

7. SOA Security Overview
	Objectives Traditional systems Loosely-coupled systems Risks of loosely-coupled services SOA Security Concerns Security Stack: Web services Security Stack: Other services Discussion Question Summary

8. Security Patterns
	Objectives Service bus security Service bus security layers Application-managed security Security as a service Reverse Proxy ESB Gateway Discussion Question Summary

9. Security Layering
	Objectives SOA Layers Security Layering Policy-driven Security PEP/PDP in Action Separation of concerns Loosely-coupled security layer SES/SDS in Action Layering and service granularity Security Service Granularity Process-centric Security Discussion Question Summary

10. Applying Traditional Security to SOA
	Objectives Public Key Infrastructure (PKI) Digital Signature Digital Signature Process Certificates Authentication Basic HTTP Authentication Secure Socket Layer (SSL) Basic Authentication Over HTTPS Securing non-HTTP Traffic Summary

11. SOA Security Standards
	Objectives WS-Security XML Encryption & Signature SAML WS-Trust WS-Trust Interoperability WS-Federation WS-SecureConversation Web Services Policy Framework WS-SecurityPolicy Security Standards Review Summary

12. Simple Object Access Protocol (SOAP)
	Objectives SOAP Overview SOAP in Protocol Stack SOAP Components SOAP HTTP Request Example SOAP HTTP Response Example Message Envelope The Header Element Header Attributes SOAP Body SOAP Fault Communication Style RPC/Encoded Style RPC/Literal Style Enabling RPC Styles Document/Literal Style Document/Literal Wrapped Style Details of the Wrapped Style Enabling Document Literal Style Summary

13. SOA Security Standards
	Objectives SOA Security Model SOA Security Policies Transport Level Security Policy Message Level Security Policy Data Level Security Policy Overview of Web Services Security Securing XML Data XML Digital Signatures XML Encryption WS-Security Tokens WS-Security Considerations Putting it all together Phase 1: The Service-side Phase 1: Build a secure service Phase 2: The Client Phase 2: Build a secure client Phase 3: Production Audit Tracking Identity Assertion Using SAML SAML SOAP Example Summary

14. SOA Security Threats and Countermeasures
	Objectives The Price of Open Standards Generic Vulnerabilities XML-specific Attacks Countermeasures Summary

15. Governing SOA Security
	Objectives Security Governance Collecting Security Requirements Policies and Contract Management Policy and Contract Management SOA Security Lifecycle Governance Model Overview Models for Governing Security Discussion Question Summary

Appendix A. Glossary
	Glossary Glossary Glossary Glossary

Appendix B. Introduction to Web Services
	Objectives A Conceptual Look at Services Defining Services SOA Runtime Implementation SOA Runtime Implementation What is a Web Service? Enterprise Assets as Services Typical Development Workflow Advantages of Web Services Web Service Business Models Case Study: Internal System Integration Case Study: Business Process Externalization SOAP Overview SOAP in Protocol Stack SOAP Structure SOAP Message Architecture Applying SOAP WSDL Overview WSDL Structure Applying WSDL UDDI Overview UDDI Terminology UDDI Structure Locating a Service Applying UDDI WS-I Overview WS-I Deliverables Summary

Outline for SOA for Security Professionals Training

1. SOA Fundamentals

2. Layers of Services

3. SOA Value Proposition

4. Overview of Service Registries

5. Enterprise Service Bus (ESB)

6. Information Management in SOA

7. SOA Security Overview

8. Security Patterns

9. Security Layering

10. Applying Traditional Security to SOA

11. SOA Security Standards

12. Simple Object Access Protocol (SOAP)

13. SOA Security Standards

14. SOA Security Threats and Countermeasures

15. Governing SOA Security

Appendix A. Glossary

Appendix B. Introduction to Web Services