Programming Books C Java PHP Python Learn more Browse Programming Books

Sorry, this item is not available in
Image not available for
Image not available

To view this video download Flash Player


Sign in to turn on 1-Click ordering
More Buying Choices
Have one to sell? Sell yours here
Tell the Publisher!
I'd like to read this book on Kindle

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption [Paperback]

by Jothy Rosenberg, David Remy
3.5 out of 5 stars  See all reviews (15 customer reviews)

List Price: $49.99
Price: $36.18 & FREE Shipping. Details
You Save: $13.81 (28%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 4 left in stock (more on the way).
Ships from and sold by Gift-wrap available.
Want it tomorrow, April 25? Choose One-Day Shipping at checkout. Details
Free Two-Day Shipping for College Students with Amazon Student

Sell Us Your Books
Get up to 80% back when you sell us your books, even if you didn't buy them at Amazon. Learn more

Book Description

May 22, 2004 0672326515 978-0672326516 1
Comprehensive coverage is given in this up-to-date and practical guide to Web services security--the first to cover the final release of new standards SAML 1.1 and WS-Security. Rosenberg and Remy are security experts who co-founded GeoTrust, the #2 Web site certificate authority.

Frequently Bought Together

Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption + Web Services Security + SOA Security
Price for all three: $107.68

Buy the selected items together
  • Web Services Security $31.26
  • SOA Security $40.24

Editorial Reviews

From the Inside Flap

From the Forewords:

The great promise of Web services will never be realized unless they are proven to be reliable, available, and have the appropriate level of security. Rosenberg and Remy are among the first to accurately portray Web Services Security by addressing how to apply the correct amount and types of security solutions.

The security issues that apply to Web services are similar to those surrounding other technology solutions and systems. Business applications deployed as Web services need to incorporate security building blocks including authentication, authorization, confidentiality, availability and reliability, fraudulent transactions, nonrepudiation, compliance, and auditing and monitoring.

Rosenberg and Remy have not only clearly defined Web Services Security, but they also have put together a great roadmap on how to properly deploy secure Web services at all levels. I hope you find this book as enlightening and informative as I did.

--M. Greg Shanton, AMS, Inc.

...This book makes it quite a bit easier to comprehend all the facets of Web Services Security; plus, it aggregates information on all the underlying and associated security technologies that WS-Security relies on, such as SSL, PKI, XKMS, SAML, and a host of other acronyms. It’s a reference book that I intend to keep handy.

In all my conversations with enterprise companies, security reigns as the number one concern in their plans to deploy Web services. And I can't blame them. Without a proper security infrastructure in place, Web services can expose sensitive corporate processes and information and leave a company open to risk and malfeasance--from both internal and external perpetrators.

Traditional network-layer and perimeter security tactics, such as SSL, proxy servers, and firewalls, aren't sufficient to protect IT systems anymore... Developers need to be prepared to start using WS-Security and SAML. This book is a great place to start.

--Anne Thomas Manes, Burton Group

About the Author

About the Authors

Jonathan "Jothy" Rosenberg, Ph.D., Founder, CTO, and CEO, Service Integrity

Dr. Jothy Rosenberg is a serial entrepreneur. He is a founder, Director, CTO, and CEO of Service Integrity, a company providing XML Web services monitoring and analysis products for end-to-end real-time enterprise visibility including security and compliance visibility or "early warning." Prior to Service Integrity, Jothy co-founded GeoTrust, the world's second largest certificate authority and a major innovator in enterprise-managed security solutions. As the company's COO and CTO, Jothy led the company's product development initiatives, developing patents on a series of ground-breaking security products and deploying a secure Web service integrating GeoTrust's reseller partners into the SSL provisioning process. Previous to GeoTrust, Jothy served as CEO and CTO of Factpoint, Inc., a pioneer in the area of content certification and content management. With his Service Integrity co-founders, he also co-founded Webspective, which was later sold to Inktomi.

Before these multiple ventures, Jothy held various executive positions at Borland International where he was General Manager of the Enterprise Tools Division and overall Development VP for Languages, including Delphi, C++, and JBuilder products. Jothy holds a B.A. in Mathematics from Kalamazoo College and a Ph.D. in Computer Science on VLSI Design algorithms from Duke University. He is also the author of How Debuggers Work. Jothy holds patents on debugger watchpoint mechanisms, content certification and site identity assurance, as well as a pending security compliance monitoring patent.

David L. Remy, CISSP, Director of Product Engineering for Security, Web Services and XML on WebLogic Workshop, BEA

David Remy works at BEA Systems, Inc., where he is a Director of Product Engineering responsible for security, Web services, and XML for BEA's WebLogic Workshop product line. Prior to working with BEA, David was founder and Chief Architect for GeoTrust, Inc., a security company and now the second largest certificate authority in the world. David has worked in the software industry for more than 16 years, holding such positions as Chief Technology Officer at Netstock, Director of Technology at Corbis, Director of Architecture at PEMCO Financial, Advisory Systems Engineer at IBM, and several other contracting and software development roles.

Product Details

  • Paperback: 408 pages
  • Publisher: Sams Publishing; 1 edition (May 22, 2004)
  • Language: English
  • ISBN-10: 0672326515
  • ISBN-13: 978-0672326516
  • Product Dimensions: 9 x 7 x 0.9 inches
  • Shipping Weight: 1.4 pounds (View shipping rates and policies)
  • Average Customer Review: 3.5 out of 5 stars  See all reviews (15 customer reviews)
  • Amazon Best Sellers Rank: #280,924 in Books (See Top 100 in Books)

More About the Authors

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews
15 of 16 people found the following review helpful
1.0 out of 5 stars Worthless For Programmers April 26, 2006
Format:Paperback|Verified Purchase
Agree completely with all of the other reviewers in respect to practical working examples and detailed information. This is nothing more than a high-level overview of documentation and specifications you can easily find yourself on the internet. Look elsewhere (and yeah, I'm still looking myself) for solid information about how to design and deploy WS-* applications.
Comment | 
Was this review helpful to you?
9 of 9 people found the following review helpful
3.0 out of 5 stars Good intro but needs an update December 21, 2005
This book would help you if you need an introduction to Web services security standards. If you need to know the strategies for how to implement then this book may not help much. Some of the specifications discussed in the book is not complete and there is lot of confusion in the standards committee moving forward. I bought this book before I bought the Core Security Patterns which details both the standards and patterns-based implementation strategies for Web services security. This book also needs a revision in terms of updating to SAML 2.0, WS-Security 1.1, WS-I Basic Security profile.
Comment | 
Was this review helpful to you?
7 of 8 people found the following review helpful
2.0 out of 5 stars Weak examples. April 7, 2006
This book delivers good introduction to WS-* specs beyond that I don't find much help. From a developer perspective, the book does'nt help with good examples, it is missing with coding guidance and also lacks detail about the PKI in Web services. Possibly this book is too early to market before the specs are endorsed by OASIS. It's time for a revision..otherwise I could've added two more stars.
Comment | 
Was this review helpful to you?
9 of 11 people found the following review helpful
5.0 out of 5 stars Nice practical book with good insights June 1, 2004
By "a_cpp"
I teach a course on Web Services Security, and was in search of a good book that I could recommend to my class. This book was certainly a good find. It goes beyond the hype and chatter associated with Web Services. This book puts a very objective perspective.
What I specifically like about the book, is how it ties past lessons learnt with the current technologies and thus, helps us not repeat the mistakes. Also, throughout the book, the authors explain complex security concepts in a lucid manner and simplify (as much as possible) the intricacies of implementing secure web services. There are numerous practical insights and illustrations through out.
I would strongly recommend this book for anyone trying to implement WS-* specification based solution.
The only thing I would have liked to see in the book is an example with .NET as well. Nevertheless, the book is fairly platform independent (except for chapter 10) and both Java and .NET developers would benefit equally.
This is my personal favorite as of now. I also like Web Services Security by Mark O'Neil - but that book is slightly dated now.
Comment | 
Was this review helpful to you?
6 of 7 people found the following review helpful
3.0 out of 5 stars good intro book - need a revision January 16, 2006
i am an architect working on large-scale web services on j2ee and .net ddevlopment and deplyment. I bought this book for getting myself introduced to ws-security and saml. if you would like to know the security specifications for web services at a high-level you may find this book useful. If you are looking at the practical aspects of how to implement them in a j2ee or .net web services you wil find limited help. The coverage on ws-* specs are little bit old as new revisions are already out.
Comment | 
Was this review helpful to you?
6 of 7 people found the following review helpful
Having been a software architect with special focus on security and also being involved in developement of various XML related security standards, I believe, this book gives a good insight into many of the fundamental concepts related to Secure Web Services.
It is a very easy read with lots of history behind some of the standards and specifications created. I would have liked a few more references - a section by itself would have been useful in addition to the inlining of references which are very useful too.
I don't think I saw a clear distinction of standards and specifications. To understand this, you may want to read this white paper - [...]
This is also a good book for developers who would want to understand and get started Secure Web Services. I would certainly put this book first before getting your hands into coding.
Comment | 
Was this review helpful to you?
14 of 19 people found the following review helpful
By Mouse
I like the book, the way it's organized and presented - but am finding glaring conceptual mistakes (not typos!) in security and crypto field. Unfortunately this forces me to question and doubt every bit of information they provided: if in such a simple trivial case they managed to screw it up (and I can notice it!) - in how many other cases did they also screw up but I can't notice because I'm not an expert there (one of the reasons I picked this book was to learn about the areas I've no expertise in!).

For an example of what I'm talking about - take page 19 and get horrified at their (wrong!) definition of non-repudiation.
Comment | 
Was this review helpful to you?
2 of 2 people found the following review helpful
4.0 out of 5 stars Good Overview of Web Services Security April 6, 2006
Format:Paperback|Verified Purchase
This book is a good introduction to the application of security to Web Services and SOA. The authors focus on "message level" security versus "transport level" security, and its application to Web Services. The book explains standards: WS-Security, WS-Policy, WS-SecurePolicy and other current standards at the time of publishing (2004).

However these standards are constantly evolving and this book needs to be updated on a regular basis.

Gary E. Smith

SOA Network Architect

SOA Networks
Comment | 
Was this review helpful to you?
Most Recent Customer Reviews
5.0 out of 5 stars Excellent reference or architects and designers
This book introduces everything about security in a simple but comprehensive manner. In addition to diving into web services security, it also provides good insight into structure... Read more
Published 14 months ago by Internet_shopper
4.0 out of 5 stars good experience
Its been great my purchase. It arrived in just 3 days and i am totally satisfied with the condition of the book. Read more
Published on March 5, 2011 by Jayaprakash N. Velecheti
2.0 out of 5 stars Unnecessarily complicated, insufficiently explained
This book is written in a way that both the novice and expert readers don't understand. Readers are told to take the author's words for granted, and not to think. Read more
Published on March 3, 2011 by Cuong Huy To
5.0 out of 5 stars Excactly what we need given the state of the standards
This book hits the nail on the head. There are a ton of prospective Web Service and security standards floating around. These authors focus on just the ones that matter. Read more
Published on July 29, 2004 by Kerry Champion
5.0 out of 5 stars This book sure does demystify Web Services security
Perfect book for the novice as well as the person that thinks they know it all, but just wants to be sure. Read more
Published on July 15, 2004 by Michael Rowan
3.0 out of 5 stars Good for understanding basics only
This book is perfect for those interested to know the fundamentals of XML Security and the security standards landscape for Web services. Read more
Published on July 11, 2004 by Prasad Reddy
Search Customer Reviews
Only search this product's reviews

Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more


There are no discussions about this product yet.
Be the first to discuss this product with the community.
Start a new discussion
First post:
Prompts for sign-in

Look for Similar Items by Category