Nicht aus der Schweiz? Besuchen Sie lehmanns.de

Security for Web Services and Service-Oriented Architectures (eBook)

eBook Download: PDF
2009 | 2010
XII, 226 Seiten
Springer Berlin (Verlag)
978-3-540-87742-4 (ISBN)

Lese- und Medienproben

Security for Web Services and Service-Oriented Architectures - Elisa Bertino, Lorenzo Martino, Federica Paci, Anna Squicciarini
Systemvoraussetzungen
53,49 inkl. MwSt
(CHF 52,25)
Der eBook-Verkauf erfolgt durch die Lehmanns Media GmbH (Berlin) zum Preis in Euro inkl. MwSt.
  • Download sofort lieferbar
  • Zahlungsarten anzeigen
Web services technologies are advancing fast and being extensively deployed in many di?erent application environments. Web services based on the eXt- sible Markup Language (XML), the Simple Object Access Protocol (SOAP), andrelatedstandards,anddeployedinService-OrientedArchitectures(SOAs) are the key to Web-based interoperability for applications within and across organizations. Furthermore, they are making it possible to deploy appli- tions that can be directly used by people, and thus making the Web a rich and powerful social interaction medium. The term Web 2.0 has been coined to embrace all those new collaborative applications and to indicate a new, 'social' approach to generating and distributing Web content, characterized by open communication, decentralization of authority, and freedom to share and reuse. For Web services technologies to hold their promise, it is crucial that - curity of services and their interactions with users be assured. Con?dentiality, integrity,availability,anddigitalidentitymanagementareallrequired.People need to be assured that their interactions with services over the Web are kept con?dential and the privacy of their personal information is preserved. People need to be sure that information they use for looking up and selecting s- vicesiscorrectanditsintegrityisassured.Peoplewantservicestobeavailable when needed. They also require interactions to be convenient and person- ized, in addition to being private. Addressing these requirements, especially when dealing with open distributed applications, is a formidable challenge.

Elisa Bertino is professor of Computer Science and Electrical and Computer Engineering, and research director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. She has carried out extensive research on various security topics, such as foundations of access control systems, security for location-based applications, security for web services, digital identity management, data privacy, security and privacy for healthcare applications and for GIS; and has given numerous presentations and tutorials on these topics in scientific conferences. Recently, she recently received the IEEE Computer Society 2005 Kanai award for her research in security for distributed systems. She has also served as a member of the Microsoft Trustworthy Computing Academic Advisory Board.

Lorenzo D. Martino is visiting assistant professor at the Computer and Information Technology (C&IT) department of Purdue University and at the Cyber Center of the Purdue University. He has carried out research on trust negotiation techniques and security for web services.

Federica Maria Francesca Paci is a PhD Student at the University of Milan, Italy. Her main research interests include the development of access control models for constraint workflow systems, Web services access control models and secure distribution of XML documents. She has published several refereed journal and conference papers in these areas.

Anna Squicciarini is a post doctoral research associate in the Computer Science Department of Purdue University. She conducts research on security for distributed systems, with particular focus on trust management, identity management and access control for grids and Web Services. She has published several refereed journal and conference papers in these areas. She has been the main architect of the Trust-X system, an innovative system supporting trust negotiation in distributed open systems.

Elisa Bertino is professor of Computer Science and Electrical and Computer Engineering, and research director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. She has carried out extensive research on various security topics, such as foundations of access control systems, security for location-based applications, security for web services, digital identity management, data privacy, security and privacy for healthcare applications and for GIS; and has given numerous presentations and tutorials on these topics in scientific conferences. Recently, she recently received the IEEE Computer Society 2005 Kanai award for her research in security for distributed systems. She has also served as a member of the Microsoft Trustworthy Computing Academic Advisory Board.Lorenzo D. Martino is visiting assistant professor at the Computer and Information Technology (C&IT) department of Purdue University and at the Cyber Center of the Purdue University. He has carried out research on trust negotiation techniques and security for web services. Federica Maria Francesca Paci is a PhD Student at the University of Milan, Italy. Her main research interests include the development of access control models for constraint workflow systems, Web services access control models and secure distribution of XML documents. She has published several refereed journal and conference papers in these areas. Anna Squicciarini is a post doctoral research associate in the Computer Science Department of Purdue University. She conducts research on security for distributed systems, with particular focus on trust management, identity management and access control for grids and Web Services. She has published several refereed journal and conference papers in these areas. She has been the main architect of the Trust-X system, an innovative system supporting trust negotiation in distributed open systems.

Preface 6
Contents 8
Introduction 12
Security for Web Services and Security Goals 12
Privacy 14
Goals and Scope of the Book and its Intended Audience 15
An Overview of the Book's Content 16
Web Service Technologies, Principles, Architectures, and Standards 20
SOA and Web Services Principles 21
Web Services Architecture 24
Web Services Technologies and Standards 24
SOAP 26
Web Services Description Language (WSDL) 27
Service Discovery: Universal Description, Discovery and Integration (UDDI) 29
Considerations 32
Web Services Infrastructure 33
Web Services Threats, Vulnerabilities, and Countermeasures 35
Threats and Vulnerabilities Concept Definition 36
Threat Modeling 38
Vulnerability Categorizations and Catalogs 46
Threat and Vulnerabilities Metrics 50
Standards for Web Services Security 55
The Concept of Standard 57
Web Services Security Standards Framework 58
An Overview of Current Standards 59
``Near the wire'' security standards 59
XML Data Security 61
Security Assertions Markup Language (SAML) 63
SOAP Message Security 66
Key and Trust Management standards 70
Standards for Policy Specification 74
Access Control Policy Standards 77
Implementations of Web Services Security Standards 83
Standards-related Issues 84
Digital Identity Management and Trust Negotiation 88
Overview of Digital Identity Management 89
Overview of Existing Proposals 91
Liberty Alliance 92
WS-Federation 95
Comparison of Liberty Alliance and WS-Framework 98
Other Digital Identity Management Initiatives 99
Discussion on Security of Identity Management Systems 102
Business Processes 104
Deploying Multifactor Authentication for Business Processes 105
Architecture 106
Digital Identity Management in Grid Systems 106
The Trust Negotiation Paradigm and its Deployment using SOA 109
Trust Negotiation and Digital Identity Management 110
Automated Trust Negotiation and Digital Identity Management Systems: Differences and Similarities 111
Integrating Identity Management and Trust Negotiations 114
Architecture of a SP in FAMTN 116
An Example of a Use Case: FSP in Liberty Web Services Framework 117
Negotiations in an FAMTN Federation 118
Ticketing system in an FAMTN Federation 118
Implementing Trust Tickets Through Cookies 119
Negotiation in Identity Federated Systems 121
Bibliographic Notes 122
Access Control for Web Services 124
Approaches to Enforce Access Control for Web Services 125
WS-AC1: An Adaptive Access Control Model for Stateless Web Services 127
The WS-AC1 Model 129
WS-AC1 Identity Attribute Negotiation 134
WS-AC1 Parameter Negotiation 137
An Access Control Framework for Conversation-Based Web services 141
Conversation-Based Access Control 142
Access Control and Credentials 143
k-Trust Levels and Policies 144
Access Control Enforcement 145
K-Trustworthiness Levels Computation 147
Architecture of the Enforcement System 154
Secure Publishing Techniques 156
The Merkle Signatures 157
Merkle Signatures for Trees 157
Merkle Signatures for XML Documents 158
Merkle Hash Verification for Documents with Partially Hidden Contents 159
Application of the Merkle Signature to UDDI Registries 161
Merkle Signature Representation 161
Merkle Hash Path Representation 162
A Comparison of Merkle Signatures with XML Signatures 163
Bibliographic Notes 166
Access Control for Business Processes 167
Access Control for Workflows and Business Processes 169
Web Services Business Process Execution Language (WS-BPEL) 172
RBAC-WS-BPEL: An Authorization Model for WS-BPEL Business Processes 174
RBAC XACML: Authorization Schema 178
Business Process Constraint Language 178
RBAC-WS-BPEL Authorization Specification 179
RBAC-WS-BPEL Enforcement 180
RBAC-WS-BPEL System Architecture 182
Handling < HumanActivity>
Emerging Research Trends 186
Security as a Service 186
Motivations 187
Reference Framework for Security Services 188
Authentication Service 189
Privacy for Web Services 193
P3P and the Privacy-Aware RBAC Model 194
Privacy-Preserving Data Management Techniques 199
W3C Privacy Requirements for Web Services and Research Issues 200
Semantic Web Security 201
Concluding Remarks 202
Access Control 203
Basic Notions 203
The Protection Matrix Model 204
Access Control Lists and Capability Lists 205
Negative Authorizations 205
Role-Based Access Control 206
Concluding Remarks 210
References 211
Index 228

Erscheint lt. Verlag 22.10.2009
Zusatzinfo XII, 226 p.
Verlagsort Berlin
Sprache englisch
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Mathematik / Informatik Informatik Software Entwicklung
Wirtschaft Betriebswirtschaft / Management Wirtschaftsinformatik
Schlagworte Access Control • BPEL • Identity Management • Information Security • language • organization • SAML • security • Service-Oriented Architecture • SOA • SOAP • Standards • trust management • Web Services • Workflow • WSDL • XML
ISBN-10 3-540-87742-8 / 3540877428
ISBN-13 978-3-540-87742-4 / 9783540877424
Haben Sie eine Frage zum Produkt?
PDFPDF (Wasserzeichen)
Größe: 3,3 MB

DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasser­zeichen und ist damit für Sie persona­lisiert. Bei einer missbräuch­lichen Weiter­gabe des eBooks an Dritte ist eine Rück­ver­folgung an die Quelle möglich.

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seiten­layout eignet sich die PDF besonders für Fach­bücher mit Spalten, Tabellen und Abbild­ungen. Eine PDF kann auf fast allen Geräten ange­zeigt werden, ist aber für kleine Displays (Smart­phone, eReader) nur einge­schränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Mehr entdecken
aus dem Bereich
Das Praxishandbuch zu Krisenmanagement und Krisenkommunikation

von Holger Kaschner

eBook Download (2024)
Springer Fachmedien Wiesbaden (Verlag)
CHF 34,15
Methodische Kombination von IT-Strategie und IT-Reifegradmodell

von Markus Mangiapane; Roman P. Büchler

eBook Download (2024)
Springer Vieweg (Verlag)
CHF 41,95