DESIGNING AND DEVELOPING SECURE WEB SERVICES – GTWB05

Course Description

This course is designed for developers and architects and focuses on the security aspects of Web Service development. Through lectures and hands-on exercises, it teaches the security problems faced by a Web Service consumer or provider and how to solve them through open standards. Topics such as authentication, authorization, encryption and non-repudiation are covered. Advanced topics such as single sign-on and trust-based authentication are also covered.

Objectives

After completing this course, students will be able to:

  • Understand the unique problems with security in Web Services
  • Explain how messages are encrypted using WS-Security
  • Explain how non-repudiation works with WS-Security
  • Explain how authentication works with WS-Security
  • Explain the need for WS-Trust and WS-Federation
  • Understand the key concepts in securing REST-style web services

Duration

2 days

Target Audience

Developers and architects.

Course Prerequisites

Students should already be familiar with the basics of Web Service development, such as SOAP and WSDL. Some knowledge of Java is required.

Suggested Follow-on Courses

There are a number of options of suitable follow-on courses, depending on your business needs. Please contact us for further details.

Course Content

CHAPTER 1 – WEB SERVICES SECURITY (WS-SECURITY)

The Challenges

Public Key Infrastructure (PKI)

Digital Signature

Certificates

Overview of Web Services Security

SOAP Message Security

Message Integrity

Message Confidentiality

Symmetric Encryption Example

Authentication Using Identity Token

Authentication

Transport Level Security

Audit Tracking

Identity Assertion Using SAML

SAML SOAP Example

CHAPTER 2 – WS-TRUST AND WS-FEDERATION

Review of WS-Security Authentication Model

How WS-Trust Works

WS-Federation

Federation Metadata Example

Requesting a Token

Dynamic Conversation

CHAPTER 3 – INTEROPERABILITY OF WS-SECURITY

Interoperability Challenges

Recall WS-Security

Platform Run-Time Issues

Hints

Recall: WS-I

Basic Security Profile v1.0

Using Basic Security Profile 1.0

BSP 1.0 Details

BSP 1.0 Highlights

CHAPTER 4 – SECURING REST SERVICES

Objectives

RESTful Security – Ideal Approach

RESTful Security – Practical Approach

Protecting the QueryString

REST and Access IDs

AWS and HMAC

Securing Resources

REST Security Concerns

Comprehensive REST Security
