Jonathan "Jothy" Rosenberg, Ph.D., Founder & Chief Executive Officer, Service Integrity and co-author of Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption, is your Web Services Security School professor. In each of these 20-minute lessons he'll walk you through the new security problems that Web services create and teach you how to monitor and enforce security policy. Web Services Security School is in session -- enjoy!
Web Services Security School
Lesson 1: Why Web services need security and trust
What are the new and different security problems Web services create? Unlike introductions to Web services that just list and explain the acronyms, this lesson will explain the role of XML, SOAP and the others in Web services security. We'll also discuss why Web services need security, why application integration, B2B integration and SOA need trust and how security relates to trust.
Listen to Lesson one right now.
Sponsored by: Netegrity
Lesson 2: Distributed message-level security for Web services
This lesson will cover the challenges of information security in loosely-coupled, message-passing, service-oriented, business-critical Web services. In this session, Jothy Rosenberg dives into shared key, pubic key, digital signature and those basics of message-level security.
Listen to Lesson two right now.
Sponsored by: Netegrity
Lesson 3:XML Signature and XML Encryption for Web services
XML Signature safeguards the integrity and identity of XML messages. XML Encryption ensures the confidentiality of XML messages. Both these technologies are mature and are built into the specification for WS-Security. At this point in the Web Services Security School, we'll get into more detail with specific examples and suggestions for best use.
Listen to Lesson three right now.
Sponsored by: Netegrity
Lesson 4: SAML
In this lesson, we'll review SAML -- the standard for attaching identity to XML messages. It is the basis for Liberty Alliance and other federated identity and identity management systems. SAML is also built into the specification for WS-Security.
Listen to Lesson 4 right now.
Sponsored by: Netegrity
Lesson 5: WS-Security builds security into SOAP
This session provides a SOA model for active management of SOA and Web services initiatives within an organization. Passive SOA/Web services management will lead to an SOA model that is vendor-driven instead of a SOA that meets strategic and tactical business needs.
Listen to Lesson 5 right now.
Lesson 6: Web services trust governance
The final lesson in this series will discuss how to monitor and enforce security policy to establish and maintain trust in Web services, which is vital to their being useful for real business.
Listen to Lesson 6 right now.
