Topics
 
  • SOA Fundamentals
  • Service Layering
  • SOA Value Proposition
  • Enterprise Service Bus (ESB)
  • Service Registries
  • Information Management
  • Securing the Service Oriented Enterprise
  • Security Patterns within SOA
  • Service Layers
  • SOA Security Layering
  • Applying Traditional Security to SOA
  • SOA Security Standards
  • SOAP Primer
  • Digging into WS-Security
  • SOA Security Threats and Countermeasures
  • Governing SOA Security
Audience

Security architects, analysts, and managers as well as system architects and application developers.

Prerequisites

A working knowledge of basic enterprise security principles and terminology is highly recommended.

Duration

Two days.

Outline for SOA for Security Professionals Training

1. SOA Fundamentals

 
  • Objectives
  • SOA in Context
  • SOA Job Role Impact
  • Service Oriented Architecture
  • The SOA Umbrella
  • SOA and Business Process Management
  • BPM Value Add
  • SOA Governance
  • SOA Governance Model
  • What's a Service?
  • Example Services
  • Service Actors
  • SOA Motivation
  • SOA's Goal
  • The Value of Transitioning from Applications to Services
  • Is this a New Concept?
  • Service Orienting the Enterprise
  • Service Characteristics
  • About Services in SOA
  • Contract-driven software
  • Elements of a Service
  • What is a Web Service?
  • How Web Services Work
  • Web Service Standards
  • SOA Standards
  • SOA Capabilities
  • Service Oriented Thinking
  • Summary
 

2. Layers of Services

 
  • Objectives
  • What is Layering?
  • SOA Layers
  • Common Layers
  • Auxiliary Layers
  • Digesting the Layers
  • The Application Service Layer
  • The Business Service Layer
  • The Orchestration Layer
  • Layering Rules of Thumb
  • SOA User Interface
  • Portal Site's Context Awareness
  • Web 2.0 Data Aggregation
  • Summary
 

3. SOA Value Proposition

 
  • Objectives
  • The SOA Value Proposition
  • Reducing integration expense
  • Integration costs illustration
  • Ripple effect of changes
  • The value of SOA layering
  • SOA reduces integration costs
  • Increasing asset reuse
  • Asset reuse illustration
  • Increasing business agility
  • Business Agility Illustration
  • Traditional EAI Approach
  • Problems with Traditional EAI Approach
  • Change Flow Using Legacy Approach
  • SOA Agility
  • Build the Services
  • Build the Process
  • We Can Easily Change the Process
  • Reducing business risk
  • Risk reduction illustration
  • SOA Eases Compliance Risk
  • Other Advantages
  • Business Advantages
  • Hasn't this been said before?
  • ROI Quantification Hurdles
  • Real World SOA Example 1
  • Real World SOA Example 2
  • Real World SOA Example 3
  • Real World SOA Example 4
  • Summary
 

4. Overview of Service Registries

 
  • Objectives
  • Services Registry
  • Why Do We Need a Service Registry?
  • Main Activities Done Using a Registry
  • Publish
  • Discovery
  • Dynamic Discovery
  • Management
  • Enforce Governance Lifecycle
  • SOA Registry Products
  • Summary
 

5. Enterprise Service Bus (ESB)

 
  • Objectives
  • SOA and the ESB Pattern
  • Loose Coupling
  • Service Invocation
  • Business Process
  • Data Integration
  • Enterprise Service Bus (ESB)
  • Legacy System Integration
  • Unsupported Protocol
  • The Role of ESB in SOA
  • ESB: Software Artifacts
  • ESB - Software Artifacts
  • Business Process
  • Business Process: Example
  • Minimum ESB Capabilities
  • Minimum ESB Capabilities: Integration
  • Minimum ESB Capabilities: Communication
  • Minimum ESB Capabilities: Service Interaction
  • Minimum ESB Capabilities: Management
  • Security and ESB
  • Summary
 

6. Information Management in SOA

 
  • Objectives
  • Introduction
  • SOA and Enterprise Information Management
  • Operational Data Replication Basics
  • SOA and Data Basics
  • Data Publishing Event
  • Modeling Events
  • Handling Events in a BPEL Process
  • Data Mediation
  • Data Format
  • Generic Data Model
  • Example Generic Data Model
  • Mapping Data
  • Loading Data
  • Extract Transform Loading (ETL)
  • ETL and SOA
  • Data Federation
  • Summary
 

7. SOA Security Overview

 
  • Objectives
  • Traditional systems
  • Loosely-coupled systems
  • Risks of loosely-coupled services
  • SOA Security Concerns
  • Security Stack: Web services
  • Security Stack: Other services
  • Discussion Question
  • Summary
 

8. Security Patterns

 
  • Objectives
  • Service bus security
  • Service bus security layers
  • Application-managed security
  • Security as a service
  • Reverse Proxy
  • ESB Gateway
  • Discussion Question
  • Summary
 

9. Security Layering

 
  • Objectives
  • SOA Layers
  • Security Layering
  • Policy-driven Security
  • PEP/PDP in Action
  • Separation of concerns
  • Loosely-coupled security layer
  • SES/SDS in Action
  • Layering and service granularity
  • Security Service Granularity
  • Process-centric Security
  • Discussion Question
  • Summary
 

10. Applying Traditional Security to SOA

 
  • Objectives
  • Public Key Infrastructure (PKI)
  • Digital Signature
  • Digital Signature Process
  • Certificates
  • Authentication
  • Basic HTTP Authentication
  • Secure Sockets Layer (SSL)
  • Basic Authentication Over HTTPS
  • Securing non-HTTP Traffic
  • Summary
 

11. SOA Security Standards

 
  • Objectives
  • WS-Security
  • XML Encryption & Signature
  • SAML
  • WS-Trust
  • WS-Trust Interoperability
  • WS-Federation
  • WS-SecureConversation
  • Web Services Policy Framework
  • WS-SecurityPolicy
  • Security Standards Review
  • Summary
 

12. Simple Object Access Protocol (SOAP)

 
  • Objectives
  • SOAP Overview
  • SOAP in Protocol Stack
  • SOAP Components
  • SOAP HTTP Request Example
  • SOAP HTTP Response Example
  • Message Envelope
  • The Header Element
  • Header Attributes
  • SOAP Body
  • SOAP Fault
  • Communication Style
  • RPC/Encoded Style
  • RPC/Literal Style
  • Enabling RPC Styles
  • Document/Literal Style
  • Document/Literal Wrapped Style
  • Details of the Wrapped Style
  • Enabling Document Literal Style
  • Summary
 

13. SOA Security Standards

 
  • Objectives
  • SOA Security Model
  • SOA Security Policies
  • Transport Level Security Policy
  • Message Level Security Policy
  • Data Level Security Policy
  • Overview of Web Services Security
  • Securing XML Data
  • XML Digital Signatures
  • XML Encryption
  • WS-Security Tokens
  • WS-Security Considerations
  • Putting it all together
  • Phase 1: The Service-side
  • Phase 1: Build a secure service
  • Phase 2: The Client
  • Phase 2: Build a secure client
  • Phase 3: Production
  • Audit Tracking
  • Identity Assertion Using SAML
  • SAML SOAP Example
  • Summary
 

14. SOA Security Threats and Countermeasures

 
  • Objectives
  • The Price of Open Standards
  • Generic Vulnerabilities
  • XML-specific Attacks
  • Countermeasures
  • Summary
 

15. Governing SOA Security

 
  • Objectives
  • Security Governance
  • Collecting Security Requirements
  • Policies and Contract Management
  • Policy and Contract Management
  • SOA Security Lifecycle
  • Governance Model Overview
  • Models for Governing Security
  • Discussion Question
  • Summary
 

Appendix A. Glossary

 
  • Glossary
 

Appendix B. Introduction to Web Services

 
  • Objectives
  • A Conceptual Look at Services
  • Defining Services
  • SOA Runtime Implementation
  • What is a Web Service?
  • Enterprise Assets as Services
  • Typical Development Workflow
  • Advantages of Web Services
  • Web Service Business Models
  • Case Study: Internal System Integration
  • Case Study: Business Process Externalization
  • SOAP Overview
  • SOAP in Protocol Stack
  • SOAP Structure
  • SOAP Message Architecture
  • Applying SOAP
  • WSDL Overview
  • WSDL Structure
  • Applying WSDL
  • UDDI Overview
  • UDDI Terminology
  • UDDI Structure
  • Locating a Service
  • Applying UDDI
  • WS-I Overview
  • WS-I Deliverables
  • Summary