Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption

Securing Web Services with WS-Security will help you take your Web services securely to production, with insight into the latest security standards.

Jothy Rosenberg and David Remy, both business, technology, and security visionaries, demystify these standards with practical examples including a fully developed case study application showing these tools at work. A pragmatic approach is taken showing which Web Services Security standards are needed when faced with a variety of security challenges. The authors understand that security remains one of the largest remaining impediments to deploying major Web services in business-critical situations. The goal of this book is to remove those impediments by providing a detailed understanding of all the available security technologies and how and when to employ them.

You know how to build Web service applications using XML, SOAP, and WSDL, but can you ensure that those applications are secure? Standards development groups such as OASIS and W3C have released several specifications designed to provide security -- but how do you combine them in working applications?

Securing Web Services with WS-Security will help you take your Web services securely to production, with insight into the latest security standards.

Jothy Rosenberg and David Remy, both business, technology, and security visionaries, demystify these standards with practical examples including a fully developed case study application showing these tools at work. A pragmatic approach is taken showing which Web Services Security standards are needed when faced with a variety of security challenges. The authors understand that security remains one of the largest remaining impediments to deploying major Web services in business-critical situations. The goal of this book is to remove those impediments by providing a detailed understanding of all the available security technologies and how and when to employ them.

About the Authors

Jonathan "Jothy" Rosenberg, Ph.D., Founder, CTO, and CEO, Service Integrity

Dr. Jothy Rosenberg is a serial entrepreneur. He is a founder, Director, CTO, and CEO of Service Integrity, a company providing

Before these multiple ventures, Jothy held various executive positions at Borland International where he was General Manager of the Enterprise Tools Division and overall Development VP for Languages, including Delphi, C++, and JBuilder products. Jothy holds a B.A. in Mathematics from Kalamazoo College and a Ph.D. in Computer Science on VLSI Design algorithms from Duke University. He is also the author of How Debuggers Work. Jothy holds patents on debugger watchpoint mechanisms, content certification and site identity assurance, as well as a pending security compliance monitoring patent.

David L. Remy, CISSP, Director of Product Engineering for Security, Web Services and

David Remy works at BEA Systems, Inc., where he is a Director of Product Engineering responsible for security, Web services, and