  • Book
  • © 2010

Security for Web Services and Service-Oriented Architectures

  • First book to cover research and existing or upcoming standards - and platform dependent functionalities

  • Covers all relevant standards like XML Encryption, WS-Security, SAML, XACML, and related others, and puts them into a conceptual framework

  • Introduces a reference framework for future research and developments along security dimensions like integrity, confidentiality, and availability

  • Main author (Bertino) received the prestigious IEEE Kanai award in 2005 for "pioneering and innovative research contributions to secure distributed systems"

  • Includes supplementary material: sn.pub/extras

Buying options

Softcover Book USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book USD 84.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Table of contents (9 chapters)

  1. Front Matter

    Pages i-xii
  2. Introduction

    • Elisa Bertino, Lorenzo D. Martino, Federica Paci, Anna C. Squicciarini
    Pages 1-8
  3. Web Service Technologies, Principles, Architectures, and Standards

    • Elisa Bertino, Lorenzo D. Martino, Federica Paci, Anna C. Squicciarini
    Pages 9-23
  4. Web Services Threats, Vulnerabilities, and Countermeasures

    • Elisa Bertino, Lorenzo D. Martino, Federica Paci, Anna C. Squicciarini
    Pages 25-44
  5. Standards for Web Services Security

    • Elisa Bertino, Lorenzo D. Martino, Federica Paci, Anna C. Squicciarini
    Pages 45-77
  6. Digital Identity Management and Trust Negotiation

    • Elisa Bertino, Lorenzo D. Martino, Federica Paci, Anna C. Squicciarini
    Pages 79-114
  7. Access Control for Web Services

    • Elisa Bertino, Lorenzo D. Martino, Federica Paci, Anna C. Squicciarini
    Pages 115-146
  8. Secure Publishing Techniques

    • Elisa Bertino, Lorenzo D. Martino, Federica Paci, Anna C. Squicciarini
    Pages 147-157
  9. Access Control for Business Processes

    • Elisa Bertino, Lorenzo D. Martino, Federica Paci, Anna C. Squicciarini
    Pages 159-177
  10. Emerging Research Trends

    • Elisa Bertino, Lorenzo D. Martino, Federica Paci, Anna C. Squicciarini
    Pages 179-195
  11. Back Matter

    Pages 197-226

About this book

Web services technologies are advancing fast and being extensively deployed in many different application environments. Web services based on the eXtensible Markup Language (XML), the Simple Object Access Protocol (SOAP), and related standards, and deployed in Service-Oriented Architectures (SOAs) are the key to Web-based interoperability for applications within and across organizations. Furthermore, they are making it possible to deploy applications that can be directly used by people, and thus making the Web a rich and powerful social interaction medium. The term Web 2.0 has been coined to embrace all those new collaborative applications and to indicate a new, “social” approach to generating and distributing Web content, characterized by open communication, decentralization of authority, and freedom to share and reuse. For Web services technologies to hold their promise, it is crucial that security of services and their interactions with users be assured. Confidentiality, integrity, availability, and digital identity management are all required. People need to be assured that their interactions with services over the Web are kept confidential and the privacy of their personal information is preserved. People need to be sure that information they use for looking up and selecting services is correct and its integrity is assured. People want services to be available when needed. They also require interactions to be convenient and personalized, in addition to being private. Addressing these requirements, especially when dealing with open distributed applications, is a formidable challenge.

Reviews

From the reviews:

“This book deals exclusively with SOAP based Web services. … the book could serve as a good review and reference. … The book targets three distinct audiences, practitioners, students and researchers. … I suspect students and researchers will find the first half of this book a fast paced review or a somewhat useful reference, at best. The second half of the book contains material that might be more useful to students and researchers.” (Karthik Ramachandran, ACM Computing Reviews, September, 2010)

Authors and Affiliations

  • CERIAS, Dept. Computer Sciences, Purdue University, West Lafayette, USA

    Elisa Bertino, Anna Squicciarini

  • Dept. Computer & Information Technology (ICT), Purdue University, West Lafayette, USA

    Lorenzo Martino

  • Dipto. Informatica e Comunicazione, Università Milano-Bicocca, Milano, Italy

    Federica Paci

About the authors

Elisa Bertino is professor of Computer Science and Electrical and Computer Engineering, and research director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. She has carried out extensive research on various security topics, such as foundations of access control systems, security for location-based applications, security for web services, digital identity management, data privacy, security and privacy for healthcare applications and for GIS; and has given numerous presentations and tutorials on these topics in scientific conferences. She recently received the IEEE Computer Society 2005 Kanai award for her research in security for distributed systems. She has also served as a member of the Microsoft Trustworthy Computing Academic Advisory Board.

Lorenzo D. Martino is visiting assistant professor at the Computer and Information Technology (C&IT) department of Purdue University and at the Cyber Center of Purdue University. He has carried out research on trust negotiation techniques and security for web services.

Federica Maria Francesca Paci is a PhD Student at the University of Milan, Italy. Her main research interests include the development of access control models for constraint workflow systems, Web services access control models and secure distribution of XML documents. She has published several refereed journal and conference papers in these areas.

Anna Squicciarini is a post doctoral research associate in the Computer Science Department of Purdue University. She conducts research on security for distributed systems, with particular focus on trust management, identity management and access control for grids and Web Services. She has published several refereed journal and conference papers in these areas. She has been the main architect of the Trust-X system, an innovative system supporting trust negotiation in distributed open systems.
