Course 423:
Securing Web Services in a Service-Oriented Architecture (SOA)

(2 days)


Course Description

This course explains why traditional security models of application-level security fail to meet the requirements of service-oriented architectures (SOAs) and explains the use of the various Web security standards and profiles in profiles. Students will leave this class understanding how to choose between various security options and know when to implement security as a service.

Learning Objectives

Students will leave this course armed with the skills to:

  • Secure Web services in a service-oriented architecture
  • Identify the situations where traditional security models fail to meet the requirements of a SOA
  • Extend SOAP headers using WS-Security
  • Authenticate users using passwords, digests, or Kerberos
  • Ensure message confidentiality and non-repudiability using encryption
  • Implement security as a service, codify security policies, and design enterprise-wide security models

Who Should Attend

This is an in-depth course designed for developers, designers, architects, and managers who wish to secure their Web services without losing the advantages that prompted them to employ a SOA in the first place.

This course provides a brief primer on SOA, but students will benefit most from this course if they already understand SOA principles to the level of ROI Course 417: Introduction to SOA and XML Web Services.

Course Outline

 Chapter 1: Primer on SOA and Web Services

  • What Is SOA?
  • Why SOA?
  • Implementing a SOA with Web Services
  • SOAP and WSDL

Chapter 2: New Security Approaches

  • Functional Aspects of Security
  • Non-Functional Aspects of Security
  • Need for New Security Approaches in SOA
  • SOA Security Options

Chapter 3: SOAP Extensions

  • Choices for Security Implementation in SOAP
  • Extending SOAP with Headers
  • WS-Security
  • SOAP Handlers
  • WS-Addressing

Chapter 4: Authenticating Users

  • Authenticating with Username and Password
  • Password Digests
  • Using Kerberos with WS-Security

Chapter 5: Confidentiality and Non-Repudiation

  • Primer on Asymmetric Encryption
  • Encrypting SOAP Messages
  • Signing SOAP Messages

Chapter 6: Enterprise-Level Security

  • Security as a Service
  • SAML
  • Web Services Policy Framework
  • WS-Security Policy
  • Securing Diverse Services
  • Vulnerability Management

Please Contact Your ROI Representative to Discuss Course Tailoring!