Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management

Table of Contents

Copyright
Praise for Core Security Patterns
Prentice Hall Core Series
Foreword
Foreword
Preface
    What This Book Is About
    What This Book Is Not
    Who Should Read This Book?
    How This Book Is Organized
    Companion Web Site
    Feedback
Acknowledgments
About the Authors
    Chris Steel
    Ramesh Nagappan
    Ray Lai

Part I: Introduction

Chapter 1. Security by Default
    Business Challenges Around Security
    What Are the Weakest Links?
    The Impact of Application Security
    The Four W's
    Strategies for Building Robust Security
    Proactive and Reactive Security
    The Importance of Security Compliance
    The Importance of Identity Management
    Secure Personal Identification
    The Importance of Java Technology
    Making Security a "Business Enabler"
    Summary
    References

Chapter 2. Basics of Security
    Security Requirements and Goals
    The Role of Cryptography in Security
    The Role of Secure Sockets Layer (SSL)
    The Importance and Role of LDAP in Security
    Common Challenges in Cryptography
    Threat Modeling
    Identity Management
    Summary
    References

Part II: Java Security Architecture and Technologies

Chapter 3. The Java 2 Platform Security
    Java Security Architecture
    Java Applet Security
    Java Web Start Security
    Java Security Management Tools
    J2ME Security Architecture
    Java Card Security Architecture
    Securing the Java Code
    Summary
    References

Chapter 4. Java Extensible Security Architecture and APIs
    Java Extensible Security Architecture
    Java Cryptography Architecture (JCA)
    Java Cryptographic Extensions (JCE)
    Java Certification Path API (CertPath)
    Java Secure Socket Extension (JSSE)
    Java Authentication and Authorization Service (JAAS)
    Java Generic Secure Services API (JGSS)
    Simple Authentication and Security Layer (SASL)
    Summary
    References

Chapter 5. J2EE Security Architecture
    J2EE Architecture and Its Logical Tiers
    J2EE Security Definitions
    J2EE Security Infrastructure
    J2EE Container-Based Security
    J2EE Component/Tier-Level Security
    J2EE Client Security
    EJB Tier or Business Component Security
    EIS Integration Tier: Overview
    J2EE Architecture: Network Topology
    J2EE Web Services Security: Overview
    Summary
    References

Part III: Web Services Security and Identity Management

Chapter 6. Web Services Security: Standards and Technologies
    Web Services Architecture and Its Building Blocks
    Web Services Security: Core Issues
    Web Services Security Requirements
    Web Services Security Standards
    XML Signature
    XML Encryption
    XML Key Management System (XKMS)
    OASIS Web Services Security (WS-Security)
    WS-I Basic Security Profile
    Java-Based Web Services Security Providers
    XML-Aware Security Appliances
    Summary
    References

Chapter 7. Identity Management Standards and Technologies
    Identity Management: Core Issues
    Understanding Network Identity and Federated Identity
    Introduction to SAML
    SAML Architecture
    SAML Usage Scenarios
    The Role of SAML in J2EE-Based Applications and Web Services
    Introduction to Liberty Alliance and Their Objectives
    Liberty Alliance Architecture
    Liberty Usage Scenarios
    The Nirvana of Access Control and Policy Management
    Introduction to XACML
    XACML Data Flow and Architecture
    XACML Usage Scenarios
    Summary
    References

Part IV: Security Design Methodology, Patterns, and Reality Checks

Chapter 8. The Alchemy of Security Design: Methodology, Patterns, and Reality Checks
    The Rationale
    Secure UP
    Security Patterns
    Security Patterns for J2EE, Web Services, Identity Management, and Service Provisioning
    Reality Checks
    Security Testing
    Adopting a Security Framework
    Refactoring Security Design
    Service Continuity and Recovery
    Conclusion
    References

Part V: Design Strategies and Best Practices

Chapter 9. Securing the Web Tier: Design Strategies and Best Practices
    Web-Tier Security Patterns
    Best Practices and Pitfalls
    References

Chapter 10. Securing the Business Tier: Design Strategies and Best Practices
    Security Considerations in the Business Tier
    Business Tier Security Patterns
    Best Practices and Pitfalls
    References

Chapter 11. Securing Web Services: Design Strategies and Best Practices
    Web Services Security Protocols Stack
    Web Services Security Infrastructure
    Web Services Security Patterns
    Best Practices and Pitfalls
    References

Chapter 12. Securing the Identity: Design Strategies and Best Practices
    Identity Management Security Patterns
    Best Practices and Pitfalls
    References

Chapter 13. Secure Service Provisioning: Design Strategies and Best Practices
    Business Challenges
    User Account Provisioning Architecture
    Introduction to SPML
    Service Provisioning Security Pattern
    Best Practices and Pitfalls
    Summary
    References

Part VI: Putting It All Together

Chapter 14. Building End-to-End Security Architecture: A Case Study
    Overview
    Use Case Scenarios
    Application Architecture
    Security Architecture
    Design
    Development
    Testing
    Deployment
    Summary
    Lessons Learned
    Pitfalls
    Conclusion
    References

Part VII: Personal Identification Using Smart Cards and Biometrics

Chapter 15. Secure Personal Identification Strategies Using Smart Cards and Biometrics
    Physical and Logical Access Control
    Enabling Technologies
    Smart Card-Based Identification and Authentication
    Biometric Identification and Authentication
    Multi-factor Authentication Using Smart Cards and Biometrics
    Best Practices and Pitfalls
    References

Index