WS-Security (Web Services Security, short WSS) is a flexible and feature-rich extension to SOAP to apply security to web services. It is a member of the WS-* family of web service specifications and was published by OASIS.
The protocol specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as SAML, Kerberos, and X.509. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end security.
This book is your ultimate resource for WS-Security (Web Services Security, short WSS). Here you will find the most up-to-date information, analysis, background and everything you need to know.
In easy to read chapters, with extensive references and links to get you to know all there is to know about WS-Security (Web Services Security, short WSS) right away, covering: WS-Security, List of web service specifications, WS-Addressing, Apache Axis, Apache Axis2, Apache CXF, WS-BaseNotification, BPEL script, BPEL4People, Business Process Execution Language, Celtix, WS-Coordination, Extensible User Interface Protocol, Flow Description Markup Language, GlassFish Metro, Green Pages, HTTPR, Web Services Inspection Language, Java API for XML-based RPC, WS-Notification, WS-Policy, Really Simple Discovery, WS-Reliability, WS-ReliableMessaging, WS-Resource, SDEP, Web Services Security Kerberos Binding, Web Single Sign-On Interoperability Profile, Web Single Sign-On Metadata Exchange Protocol, WS-Federation Active Requestor Profile, WS-Federation Passive Requestor Profile, WS-SecureConversation, WS-SecurityPolicy, Service choreography, Simple Soap Binding Profile, SOAP with Attachments, SOAP-over-UDP, WS-Topics, WS-Transaction, Universal Description Discovery and Integration, Web Services Conversation Language, Web Services Description Language, Web Services Endpoint Language, Web Services for Remote Portlets, Web Services Invocation Framework, Web Services Semantics, White Pages (UDDI), WS-CAF, WS-CDL, WS-Context, WS-Discovery, WS-Eventing, WS-Federation, WS-I Basic Profile, WS-MetadataExchange, WS-Policy4MASC, WS-Transfer, WS-Trust, XML Interface for Network Services, Yellow Pages (UDDI), Security software, Acunetix, Advanced Intrusion Detection Environment, AirSnort, Apache Rampart module, Assuria Auditor, Astalavista.box.sk, Attack surface, Attack Surface Analyzer, Authbind, Autossh, Avira, BeEF (Browser Exploitation Framework), BeyondTrust, Bothunter, BSDRadius, CapDesk, Child Exploitation Tracking System, Chkrootkit, Cisco Global Exploiter, Code signing, COPS (software), Core FTP Mini SFTP Server, CoSign single sign on, Cross Domain Solutions, DigitalFusion Platform, EICAR test file, Einstein (US-CERT program), Employee monitoring software, External Security Manager, Fail2ban, Finjan SecureBrowsing, FreeOTFE, FreeRADIUS, GIANT AntiSpyware, Hack trapper, HDDerase, HERAS-AF, Honeypot and forEnsic Analysis Tool, Idle scan, Incredible Internet, JBoss SSO, Kaspersky Mobile Security, Anti keylogger, Logical security, Matriux, Mausezahn, Md5deep, Metasploit Project, Microsoft Forefront, Microsoft Forefront Online Protection for Exchange, Microsoft Forefront Threat Management Gateway, Microsoft Forefront Unified Access Gateway, Muffin (proxy), MyWOT.com, Neopwn, Nessus (software), Network Security Toolkit, Nikto Web Scanner, Norton AntiBot, Novell Access Manager, Object-code Buffer Overrun Evaluator, Paramount Defenses, PERMIS, Petname, PhishTank, Port scanner, Proofpoint, Inc., Proxy server, Rapid7, Retina Vulnerability Assessment Scanner, Returnil Virtual System, Rkhunter, RootkitRevealer...and much more
This book explains in-depth the real drivers and workings of WS-Security (Web Services Security, short WSS). It reduces the risk of your technology, time and resources investment decisions by enabling you to compare your understanding of WS-Security (Web Services Security, short WSS) with the objectivity of experienced professionals.