Customer Reviews

Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption

5 star:		(5)
4 star:		(3)
3 star:		(3)
2 star:		(3)
1 star:		(1)

 

 

Agree completely with all of the other reviewers in respect to practical working examples and detailed information. This is nothing more than a high-level overview of documentation and specifications you can easily find yourself on the internet. Look elsewhere (and yeah, I'm still looking myself) for solid information about how to design and deploy WS-* applications.

This book would help you if you need an introduction to Web services security standards. If you need to know the strategies for how to implement then this book may not help much. Some of the specifications discussed in the book is not complete and there is lot of confusion in the standards committee moving forward. I bought this book before I bought the Core Security Patterns which details both the standards and patterns-based implementation strategies for Web services security. This book also needs a revision in terms of updating to SAML 2.0, WS-Security 1.1, WS-I Basic Security profile.

This book delivers good introduction to WS-* specs beyond that I don't find much help. From a developer perspective, the book does'nt help with good examples, it is missing with coding guidance and also lacks detail about the PKI in Web services. Possibly this book is too early to market before the specs are endorsed by OASIS. It's time for a revision..otherwise I could've added two more stars.

I teach a course on Web Services Security, and was in search of a good book that I could recommend to my class. This book was certainly a good find. It goes beyond the hype and chatter associated with Web Services. This book puts a very objective perspective.

What I specifically like about the book, is how it ties past lessons learnt with the current technologies and thus, helps us not repeat the mistakes. Also, throughout the book, the authors explain complex security concepts in a lucid manner and simplify (as much as possible) the intricacies of implementing secure web services. There are numerous practical insights and illustrations through out.

I would strongly recommend this book for anyone trying to implement WS-* specification based solution.

The only thing I would have liked to see in the book is an example with .NET as well. Nevertheless, the book is fairly platform independent (except for chapter 10) and both Java and .NET developers would benefit equally.

This is my personal favorite as of now. I also like Web Services Security by Mark O'Neil - but that book is slightly dated now.

i am an architect working on large-scale web services on j2ee and .net ddevlopment and deplyment. I bought this book for getting myself introduced to ws-security and saml. if you would like to know the security specifications for web services at a high-level you may find this book useful. If you are looking at the practical aspects of how to implement them in a j2ee or .net web services you wil find limited help. The coverage on ws-* specs are little bit old as new revisions are already out.

Having been a software architect with special focus on security and also being involved in developement of various XML related security standards, I believe, this book gives a good insight into many of the fundamental concepts related to Secure Web Services.
It is a very easy read with lots of history behind some of the standards and specifications created. I would have liked a few more references - a section by itself would have been useful in addition to the inlining of references which are very useful too.
I don't think I saw a clear distinction of standards and specifications. To understand this, you may want to read this white paper - http://www.sun.com/software/whitepapers/webservices/securing_webservices.pdf

This is also a good book for developers who would want to understand and get started Secure Web Services. I would certainly put this book first before getting your hands into coding.

I like the book, the way it's organized and presented - but am finding glaring conceptual mistakes (not typos!) in security and crypto field. Unfortunately this forces me to question and doubt every bit of information they provided: if in such a simple trivial case they managed to screw it up (and I can notice it!) - in how many other cases did they also screw up but I can't notice because I'm not an expert there (one of the reasons I picked this book was to learn about the areas I've no expertise in!).

For an example of what I'm talking about - take page 19 and get horrified at their (wrong!) definition of non-repudiation.

This book is a good introduction to the application of security to Web Services and SOA. The authors focus on "message level" security versus "transport level" security, and its application to Web Services. The book explains standards: WS-Security, WS-Policy, WS-SecurePolicy and other current standards at the time of publishing (2004).

However these standards are constantly evolving and this book needs to be updated on a regular basis.

Gary E. Smith
SOA Network Architect
SOA Networks

This book is perfect for those interested to know the fundamentals of XML Security and the security standards landscape for Web services. Instead of searching around the web, you may find the book as a one-stop reference for understanding WS-Security. From a developer standpoint, you may find this book as a little help only. You may need to look for a hands-on security book like 'Core Security Patterns' for learning how to implement these ever evolving standards.

This book makes web service security and ws-security easy to understand. It includes diagrams that makes complicated process easy to understand.
It also includes samples and screen shots on securing web services using WebLogic Workshop. These step by step demo makes ws-security appears so simple.