Topics

 
  • Authentication using WS-Security
  • Encryption and non-repudiation using WS-Security
  • WS-Trust
  • WS-Federation
  • SAML
  • Securing REST Web Services

What you will learn

 

After completing this course, students will be able to:

  • Understand the unique problems with security in Web Services
  • Explain how messages are encrypted using WS-Security
  • Explain how non-repudiation works with WS-Security
  • Explain how authentication works with WS-Security
  • Explain the need for WS-Trust and WS-Federation
  • Understand the key concepts in securing REST-style web services

Audience

 

Developers and architects.

Prerequisites

 

Students should already be familiar with the basics of Web Service development, such as SOAP and WSDL. Some knowledge of Java is required.

Duration

  2 days.

Outline for Designing and Developing Secure Web Services Training

Chapter 1. Web Services Security (WS-Security)

  • The Challenges
  • Public Key Infrastructure (PKI)
  • Digital Signature
  • Certificates
  • Overview of Web Services Security
  • SOAP Message Security
  • Message Integrity
  • Message Confidentiality
  • Symmetric Encryption Example
  • Authentication Using Identity Token
  • Authentication
  • Transport Level Security
  • Audit Tracking
  • Identity Assertion Using SAML
  • SAML SOAP Example

Chapter 2. WS-Trust and WS-Federation

  • Review of WS-Security Authentication Model
  • How WS-Trust Works
  • WS-Federation
  • Federation Metadata Example
  • Requesting a Token
  • Dynamic Conversation
  • Summary

Chapter 3. Interoperability of WS-Security

  • Interoperability Challenges
  • Recall WS-Security
  • Platform Run-Time Issues
  • Hints
  • Recall: WS-I
  • Basic Security Profile v1.0
  • Using Basic Security Profile 1.0
  • BSP 1.0 Details
  • BSP 1.0 Highlights
  • Summary

Chapter 4. WS-Secure Conversation

  • Review of WS-Security and WS-Trust
  • Need for a Security Context
  • Basic Usage of WS-Secure Conversation
  • Establishing a Security Context
  • Building on WS-Trust
  • Using the Security Context Token
  • Alterations to the Security Context Token
  • Summary

Chapter 5. REST Services

  • Many Flavors of Services
  • Understanding REST
  • Principles of RESTful Services
  • REST Resource Examples
  • SOAP Equivalent Examples
  • REST vs SOAP Communication
  • More REST vs SOAP
  • REST vs SOAP Summary
  • Famous RESTful Services
  • Additional Resources
  • Summary

Chapter 6. Securing REST Services

  • RESTful Security - Ideal Approach
  • RESTful Security - Practical Approach
  • Protecting the QueryString
  • REST and Access IDs
  • AWS and HMAC
  • Securing Resources
  • REST Security Concerns
  • Comprehensive REST Security
  • Summary

10/09/2023 - 10/10/2023, 10:00 AM - 06:00 PM Eastern Standard Time, Online Virtual Class, USD $1,250.00
11/13/2023 - 11/14/2023, 10:00 AM - 06:00 PM Eastern Standard Time, Online Virtual Class, USD $1,250.00
01/01/2024 - 01/02/2024, 10:00 AM - 06:00 PM Eastern Standard Time, Online Virtual Class, USD $1,250.00