Core security patterns : best practices and strategies for J2EE, Web services, and identity management / Christopher Steel, Ramesh Nagappan, Ray Lai.
Material type: Text
Series: Prentice Hall PTR core series
Publication details: Upper Saddle River, N.J. : Prentice Hall PTR ; London : Pearson Education [distributor], 2006.
Description: xlvi, 1041 pages : illustrations ; 25 cm
Content type:
- text
- unmediated
- volume
- 9780131463073
- 0131463071
- 005.8 22
- QA76.73.J3 S834 2006
Item type | Current library | Call number | Status | Date due | Barcode |
---|---|---|---|---|---|
Standard Loan | Thurles Library Main Collection | 005.8 STE | Available | | 30026000010511 |
Enhanced descriptions from Syndetics:
A guide to building robust end-to-end security into J2EE enterprise applications, Web services, identity management, service provisioning, and personal identification solutions. Written by three leading Java security architects, this book explains the fundamentals of Java application security and then introduces a structured security methodology.
Formerly CIP. Uk
Includes bibliographical references and index.
Table of contents provided by Syndetics
- Foreword
- Foreword
- Preface
- Acknowledgments
- About the Authors
- I Introduction
- 1 Security by Default
- Business Challenges Around Security
- What Are the Weakest Links?
- The Impact of Application Security
- The Four W's
- Strategies for Building Robust Security
- Proactive and Reactive Security
- The Importance of Security Compliance
- The Importance of Identity Management
- The Importance of Java Technology
- Making Security a "Business Enabler"
- Summary
- References
- 2 Basics of Security
- Security Requirements and Goals
- The Role of Cryptography in Security
- The Role of Secure Sockets Layer (SSL)
- The Importance and Role of LDAP in Security
- Common Challenges in Cryptography
- Threat Modeling
- Identity Management
- Summary
- References
- II Java Security Architecture and Technologies
- 3 The Java 2 Platform Security
- Java Security Architecture
- Java Applet Security
- Java Web Start Security
- Java Security Management Tools
- J2ME Security Architecture
- Java Card Security Architecture
- Securing the Java Code
- Summary
- References
- 4 Java Extensible Security Architecture and APIs
- Java Extensible Security Architecture
- Java Cryptography Architecture (JCA)
- Java Cryptographic Extensions (JCE)
- Java Certification Path API (CertPath)
- Java Secure Socket Extension (JSSE)
- Java Authentication and Authorization Service (JAAS)
- Java Generic Secure Services API (JGSS)
- Simple Authentication and Security Layer (SASL)
- Summary
- References
- 5 J2EE Security Architecture
- J2EE Architecture and Its Logical Tiers
- J2EE Security Definitions
- J2EE Security Infrastructure
- J2EE Container-Based Security
- J2EE Component/Tier-Level Security
- J2EE Client Security
- EJB Tier or Business Component Security
- EIS Integration Tier--Overview
- J2EE Architecture--Network Topology
- J2EE Web Services Security--Overview
- Summary
- References
- III Web Services Security and Identity Management
- 6 Web Services Security--Standards and Technologies
- Web Services Architecture and Its Building Blocks
- Web Services Security--Core Issues
- Web Services Security Requirements
- Web Services Security Standards
- XML Signature
- XML Encryption
- XML Key Management System (XKMS)
- OASIS Web Services Security (WS-Security)
- WS-I Basic Security Profile
- Java-Based Web Services Security Providers
- XML-Aware Security Appliances
- Summary
- References
- 7 Identity Management Standards and Technologies
- Identity Management--Core Issues
- Understanding Network Identity and Federated Identity
- Introduction to SAML
- SAML Architecture
- SAML Usage Scenarios
- The Role of SAML in J2EE-Based Applications and Web Services
- Introduction to Liberty Alliance and Their Objectives
- Liberty Alliance Architecture
- Liberty Usage Scenarios
- The Nirvana of Access Control and Policy Management
- Introduction to XACML
- XACML Data Flow and Architecture
- XACML Usage Scenarios
- Summary
- References
- IV Security Design Methodology, Patterns, and Reality Checks
- 8 The Alchemy of Security Design--Methodology, Patterns, and Reality Checks
- The Rationale
- Secure UP
- Security Patterns
- Security Patterns for J2EE, Web Services, Identity Management, and Service Provisioning
- Reality Checks
- Security Testing
- Adopting a Security Framework
- Refactoring Security Design
Author notes provided by Syndetics
Christopher Steel, CISSP, ISSAP, is the President and CEO of FortMoon Consulting and was recently the Chief Architect on the U.S. Treasury's Pay.gov project. He has over fifteen years' experience in distributed enterprise computing with a strong focus on application security, patterns, and methodologies. He presents regularly at local and industry conferences on security-related topics.
Ramesh Nagappan is a Java Technology Architect at Sun Microsystems. With extensive industry experience, he specializes in Java distributed computing and security architectures for mission-critical applications. Previously he coauthored three best-selling books on J2EE, EAI, and Web Services. He is an active contributor to open source applications and industry-standard initiatives, and frequently speaks at industry conferences related to Java, XML, and Security.
Ray Lai, Principal Engineer at Sun Microsystems, has developed and architected enterprise applications and Web services solutions for leading multinational companies ranging from HSBC and Visa to American Express and DHL. He is the author of J2EE Platform Web Services (Prentice Hall, 2004).