SOA Security [Paperback]

Ramarao Kanneganti (Author), Prasad A Chodavarapu (Author)

Book Description

ISBN-10: 1932394680 | ISBN-13: 978-1932394689 | Publication Date: January 11, 2008

SOA is one of the latest technologies enterprises are using to tame their software costs - in development, deployment, and management. SOA makes integration easy, helping enterprises not only better utilize their existing investments in applications and infrastructure, but also open up new business opportunities. However, one of the big stumbling blocks in executing SOA is security. This book addresses Security in SOA with detailed examples illustrating the theory, industry standards and best practices.

It is true that security is important in any system. SOA brings in additional security concerns as well rising out of the very openness that makes it attractive. If we apply security principles blindly, we shut ourselves of the benefits of SOA. Therefore, we need to understand which security models and techniques are right for SOA. This book provides such an understanding.

Usually, security is seen as an esoteric topic that is better left to experts. While it is true that security requires expert attention, everybody, including software developers, designers, architects, IT administrators and managers need to do tasks that require very good understanding of security topics. Fortunately, traditional security techniques have been around long enough for people to understand and apply them in practice. This, however, is not the case with SOA Security.

Anyone seeking to implement SOA Security is today forced to dig through a maze of inter-dependent specifications and API docs that assume a lot of prior experience on the part of readers. Getting started on a project is hence proving to be a huge challenge to practitioners. This book seeks to change that. It provides bottom-up understanding of security techniques appropriate for use in SOA without assuming any prior familiarity with security topics on the part of the reader.

Unlike most other books about SOA that merely describe the standards, this book helps you get started immediately by walking you through sample code that illustrates how real life problems can be solved using the techniques and best practices described in standards. Whereas standards discuss all possible variations of each security technique, this book focusses on the 20% of variations that are used 80% of the time. This keeps the material covered in the book simple as well as self-sufficient for all readers except the most advanced.

Editorial Reviews

About the Author

Dr. Tamarao (Rama) Kanneganti is Chief Technology Officer (CTO) at HCL EAI Services. Rama has a Ph.D. in programming languages from Rice University and has worked at Bell Labs in databases and large programming systems. Currently, he advises enterprise clients in formulating and evaluating SOA strategies. Rama works out of Grosse Pointe Woods (near Detroit), Michigan, USA.

Product Details

• Paperback: 500 pages
• Publisher: Manning Publications (January 11, 2008)
• Language: English
• ISBN-10: 1932394680
• ISBN-13: 978-1932394689
• Product Dimensions: 9.2 x 7.4 x 1 inches
• Shipping Weight: 1.9 pounds (View shipping rates and policies)
• Average Customer Review: 3.8 out of 5 stars  See all reviews (13 customer reviews)
• Amazon Best Sellers Rank: #923,893 in Books (See Top 100 in Books)
  • #29 in Books > Computers & Technology > Web Development > Web Servers

Customer Reviews

Most Helpful Customer Reviews

10 of 12 people found the following review helpful:

5.0 out of 5 stars A practioners perspective but also useful to policy and decision makers, January 24, 2008

By 

Prime Member (CA, USA) - See all my reviews

This review is from: SOA Security (Paperback)

One of the detailed expositions on this subject that I have seen. While it is written to help the architects, designers and developers of services to plan and implement better security, it also gives an excellent overview of the key concepts and challenges.

The book tries to address two key audience groups. One segment is the one with an interest in the broad policy and governance issues related to Security as applied to SOA and service. The other audience segment is from the IT architecture and implementation teams that want to see examples of security as applied to services in the new SOA world. Application and process security issues are explained and illustrated with extensive code samples with detailed walk-throughs of several scenarios.

It is NOT a generic textbook on basics of security or SOA or BPM but is focused on practical issues in architecting and implementing security within SOA and BPM solutions.

There are specific examples of various security models and implementations, including appropriate use of PKI in messages and services, SAML, etc. The authors have provided extensive examples at the publishers website and one of the co-authors has posted some useful links to external reviews and interviews. This was one of the few published books that I have seen discuss Cisco's AON solution.

If you are looking for broader security issues such as intrusion detection, network security, etc. then this is the wrong book. The focus is on Security when implementing a Service Oriented Architecture in an enterprise environment.

The book is physically HEAVY and a very detailed but easy read. I do not recommend reading all the chapters and even the authors seem to agree. It is best to read the initial chapters to cover the concepts and then dive into specific chapters of interest.

11 of 14 people found the following review helpful:

2.0 out of 5 stars Disappointing title., February 17, 2008

By 

Craig Anderson "Canders" (Waltham, MA) - See all my reviews

This review is from: SOA Security (Paperback)

If you are really serious about building security to your SOA stack of applications, then this book would offer only a hello world to security. All you find is a full-blownup security chapter for XML Web services beyond that nothing more. More importantly this book is completely disorganized...all I saw is the basic XML Web services security using out-of-box Axis examples. To the most disappointment, there is no chapter to show how to put-to-gether all these APIs in a real world SOA (as they claim in the title). Why should I read the book if it is repeating the API examples from Axis. This book is nothing but a theoretical junk with no proof. After browsing all the pages, I don't find anything which show how to build a SOA security architecture. The word security is abused and does'nt make sense for this title.

6 of 7 people found the following review helpful:

1.0 out of 5 stars This book is named incorrectly., December 4, 2008

By 

Chief Member (Milwaukee, US) - See all my reviews

This review is from: SOA Security (Paperback)

Great book for starters.

However it misses the latest Standards in Security such as PKI, SAML, XACML, WS-Federation, WS-Trust and how it pertains to SOA based solution architecture. So much for a book titled "SOA Security". Also it totally ignores to explain how to ensure security at all integration tiers.

Not for security experts, more for people who are starters and do not have time to "Google" either.

Does not do detailed coverage only basic topics related to Web services security around SOAP and WSDL standards with Apache Axis sample APIs (which are out of box and can be googled easily) are discussed. It is a bit difficult to relate the examples to the meat on the book.

Also missing is the information on how to use the abused Apache API examples to compose/build a Secure SOA service base architecture or how to secure BPM workflows, SOA governance, Identity management using federation, entitlement issues with BPM portals,... the list goes on.

This book contains very repetitive content. The only good portion I found was the chapter on XML Web services. The authors should refer Information Security Management Handbook, Sixth Edition (Isc2 Press) and Core Security Patterns: Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management (Sun Core Series) before the next version comes out.