This tutorial is sponsored by:
Securing XML is an essential element in keeping Web services secure. Created in partnership with our sister site,
Requires Free Membership to View
SearchSecurity.com, this
SearchSOA.com Tutorial is a compilation of resources that review different types of XML security
standards and approaches for keeping your XML Web services secure.
| TABLE OF CONTENTS XML Security Key Terms and Definitions Introduction to XML Security OASIS WS-Security SAML XML Signatures & Encryption XML Firewalls More Learning Guides |
| XML Security Key Terms and Definitions | Return to Table of Contents |
- Security Assertion Markup Language (SAML) (SearchSecurity.com Glossary)
- Authentication (SearchSecurity.com Glossary)
- Authorization (SearchSecurity.com Glossary)
- Digital signature (SearchSecurity.com Glossary)
- SOAP (Simple Object Access Protocol)(SearchWebservices.com Glossary)
- Algorithm (SearchSecurity.com Glossary)
- Extensible Access Control Markup Language (XACML) (SearchSecurity.com Glossary)
- Organization for the Advancement of Structured Information Standards (OASIS) (SearchWebservices.com Glossary)
- Encryption (SearchSecurity.com Glossary)
- WS-Security (SearchWebservices.com Glossary)
- Firewall (SearchSecurity.com Glossary)
- Single signon (SearchSecurity.com Glossary)
- Public key infrastructure (PKI) (SearchSecurity.com Glossary)
| Introduction to XML Security | Return to Table of Contents |
- Article: XML complexity introduces security risks (SearchSecurity.com)
- Article: Web services require new approach to security (SearchSecurity.com)
- Article: Sorting out the Web services security landscape (SearchSecurity.com)
- Conference presentation: How to Overcome Web Services Security Obstacles (Information Security Decisions 2005)
- Quiz: Infosec Know IT All Trivia: Securing Web services (SearchSecurity.com)
- Advice: Confused about differences in Web services security technology (SearchSecurity.com)
- Webcast: Web Services Security School, Lesson 1: Why Web services need security and trust (SearchWebServices.com)
| OASIS | Return to Table of Contents |
- Advice: National standards, security bodies release security checklists spec (SearchWebServices.com)
- Article: OASIS ratifies core security spec (SearchSecurity.com)
- Article: Latest Web services spec tackles application flaws (SearchSecurity.com)
- Advice: How will the battle between W3C and OASIS affect Web service security standards? (SearchSecurity.com)
- Article: Study shows companies still lukewarm (for now) on Web services (SearchSecurity.com)
| WS-Security | Return to Table of Contents |
- Web resource: Fast facts: WS-Security (SearchWebServices.com)
- Q&A: Standards expert: WS-Security changing Web services landscape (SearchSecurity.com)
- Article: Implementing WS-Security (SearchWebServices.com)
- Advice: What security concerns does WS-Security address? (SearchSecurity.com)
- Advice: Are there other projects for Web services security in the works beside WS-Security? (SearchSecurity.com)
- Advice: How will WS-Security impact Web services deployments? (SearchWebServices.com)
- Advice: A few questions regarding XML security (SearchWebServices.com)
| SAML | Return to Table of Contents |
- Advice: How SAML works (SearchWebServices.com)
- Article: Young SAML must conquer business pressures (SearchSecurity.com)
- Article: SAML 2.0 unifies support for federation (SearchWebServices.com)
- Article: SAML ratification enables vendor interoperability (SearchSecurity.com)
- Article: Federal agency demonstrates SAML interoperability (SearchWebServices.com)
- Webcast: Web Services Security School, Lesson 4: SAML (SearchWebServices.com)
- Advice: Are SAML and WS-Security competitive specifications for Web services security? (SearchSecurity.com)
| XML Signatures & Encryption | Return to Table of Contents |
- Article: Securing Web services requires out-of-box thinking (SearchSecurity.com)
- Article: Web services pose identity management challenges (SearchWebServices.com)
- Q&A: The pros and cons of securing Web services with SSL (SearchSecurity)
- Article: Report recommends standalone XML security appliances (SearchWebServices.com)
- Web resource: A how-to guide for supporting digital signatures within SOAP messages (SearchWebServices.com)
- Advice: Determining from WSDL if a Web service supports XML signature (SearchSecurity.com)
- Advice: Confused about differences in Web services security technology (SearchSecurity.com)
- Advice: Support for XML signature/encryption (SearchWebServices.com)
- Advice: What implementation(s) of XML encryption and XML signature would you recommend? (SearchWebServices.com)
- Webcast: Web Services Security School, Lesson 3: XML Signature and XML Encryption for Web services (SearchWebServices.com)
| XML Firewalls | Return to Table of Contents |
- Advice: Securing Web services: A job for the XML firewall (SearchSecurity.com)
- Article: XML firewalls dig deeper than traditional firewalls (SearchSecurity.com)
- Article: Web application, XML firewalls converge in one appliance (SearchWebServices.com)
- Article: Web services security vendors focus on access control, XML firewalls (SearchSecurity.com)
- Article: New XML firewall keeps watch on Web services (SearchWebServices.com)
- Article: Various flavors of firewalls are evolving (SearchSecurity.com)
- Article: XML firewall integrates crypto hardware (SearchSecurity.com)
- Article: Westbridge exec: When XML is a factor, standard firewalls don't cut it (SearchSecurity.com)
- Web resource: Featured Topic: XML firewalls (SearchWebServices.com)
| More Learning Guides | Return to Table of Contents |
- XML Learning Guide
- .NET Learning Guide
- J2EE Learning Guide
- Guide to Infosec Certifications
- Fast Guide: Web services security
| More Learning Guides | Return to Table of Contents |
- Ajax Tutorial
- XML Security Tutorial
- BPEL Tutorial
- SOA Tutorial
- Eclipse Tutorial
- ESB Tutorial
- SOA Data Integration Tutorial
- Simple Object Access Protocol (SOAP) Tutorial
- Representational State Transfer (REST) Tutorial
- Business Process Execution Language Tutorial
This was first published in February 2005
Join the conversationComment
Share
Comments
Results
Contribute to the conversation