Securing Web Services in a Service-Oriented Architecture (SOA)
This course explains why traditional application-level security models fail to meet the requirements of service-oriented architectures (SOAs) and covers the use of the various Web security standards and profiles. Students will leave this class understanding how to choose between various security options and knowing when to implement security as a service.
Students will leave this course armed with the skills to:
- Secure Web services in a service-oriented architecture
- Identify the situations where traditional security models fail to meet the requirements of a SOA
- Extend SOAP headers using WS-Security
- Authenticate users using passwords, digests, or Kerberos
- Ensure message confidentiality and non-repudiability using encryption
- Implement security as a service, codify security policies, and design enterprise-wide security models
Who Should Attend
This is an in-depth course designed for developers, designers, architects, and managers who wish to secure their Web services without losing the advantages that prompted them to employ a SOA in the first place.
This course provides a brief primer on SOA, but students will benefit most from this course if they already understand SOA principles to the level of ROI Course 417: Introduction to SOA and XML Web Services.
Chapter 1: Primer on SOA and Web Services
- What Is SOA?
- Why SOA?
- Implementing a SOA with Web Services
- SOAP and WSDL
Chapter 2: New Security Approaches
- Functional Aspects of Security
- Non-Functional Aspects of Security
- Need for New Security Approaches in SOA
- SOA Security Options
Chapter 3: SOAP Extensions
- Choices for Security Implementation in SOAP
- Extending SOAP with Headers
- SOAP Handlers
Chapter 4: Authenticating Users
- Authenticating with Username and Password
- Password Digests
- Using Kerberos with WS-Security
Chapter 5: Confidentiality and Non-Repudiation
- Primer on Asymmetric Encryption
- Encrypting SOAP Messages
- Signing SOAP Messages
Chapter 6: Enterprise-Level Security
- Security as a Service
- Web Services Policy Framework
- WS-Security Policy
- Securing Diverse Services
- Vulnerability Management
Please Contact Your ROI Representative to Discuss Course Tailoring!