Securing Web Services with WSSecurity: Demystifying WSSecurity, WSPolicy, SAML, XML Signature, and XML Encryption - Softcover

The great promise of Web services will never be realized unless they are proven to be reliable, available, and have the appropriate level of security. Rosenberg and Remy are among the first to accurately portray Web Services Security by addressing how to apply the correct amount and types of security solutions.

The security issues that apply to Web services are similar to those surrounding other technology solutions and systems. Business applications deployed as Web services need to incorporate security building blocks including authentication, authorization, confidentiality, availability and reliability, fraudulent transactions, nonrepudiation, compliance, and auditing and monitoring.

Rosenberg and Remy have not only clearly defined Web Services Security, but they also have put together a great roadmap on how to properly deploy secure Web services at all levels. I hope you find this book as enlightening and informative as I did.

--M. Greg Shanton, AMS, Inc.

...This book makes it quite a bit easier to comprehend all the facets of Web Services Security; plus, it aggregates information on all the underlying and associated security technologies that WS-Security relies on, such as SSL, PKI, XKMS, SAML, and a host of other acronyms. It’s a reference book that I intend to keep handy.

In all my conversations with enterprise companies, security reigns as the number one concern in their plans to deploy Web services. And I can't blame them. Without a proper security infrastructure in place, Web services can expose sensitive corporate processes and information and leave a company open to risk and malfeasance--from both internal and external perpetrators.

Traditional network-layer and perimeter security tactics, such as SSL, proxy servers, and firewalls, aren't sufficient to protect IT systems anymore... Developers need to be prepared to start using WS-Security and SAML. This book is a great place to start.

--Anne Thomas Manes, Burton Group

About the Authors

Jonathan "Jothy" Rosenberg, Ph.D., Founder, CTO, and CEO, Service Integrity

Dr. Jothy Rosenberg is a serial entrepreneur. He is a founder, Director, CTO, and CEO of Service Integrity, a company providing XML Web services monitoring and analysis products for end-to-end real-time enterprise visibility including security and compliance visibility or "early warning." Prior to Service Integrity, Jothy co-founded GeoTrust, the world's second largest certificate authority and a major innovator in enterprise-managed security solutions. As the company's COO and CTO, Jothy led the company's product development initiatives, developing patents on a series of ground-breaking security products and deploying a secure Web service integrating GeoTrust's reseller partners into the SSL provisioning process. Previous to GeoTrust, Jothy served as CEO and CTO of Factpoint, Inc., a pioneer in the area of content certification and content management. With his Service Integrity co-founders, he also co-founded Webspective, which was later sold to Inktomi.

Before these multiple ventures, Jothy held various executive positions at Borland International where he was General Manager of the Enterprise Tools Division and overall Development VP for Languages, including Delphi, C++, and JBuilder products. Jothy holds a B.A. in Mathematics from Kalamazoo College and a Ph.D. in Computer Science on VLSI Design algorithms from Duke University. He is also the author of How Debuggers Work. Jothy holds patents on debugger watchpoint mechanisms, content certification and site identity assurance, as well as a pending security compliance monitoring patent.

David L. Remy, CISSP, Director of Product Engineering for Security, Web Services and XML on WebLogic Workshop, BEA

David Remy works at BEA Systems, Inc., where he is a Director of Product Engineering responsible for security, Web services, and XML for BEA's WebLogic Workshop product line. Prior to working with BEA, David was founder and Chief Architect for GeoTrust, Inc., a security company and now the second largest certificate authority in the world. David has worked in the software industry for more than 16 years, holding such positions as Chief Technology Officer at Netstock, Director of Technology at Corbis, Director of Architecture at PEMCO Financial, Advisory Systems Engineer at IBM, and several other contracting and software development roles.