Web Service-Enterprise Quality Of Service

Course Overview


Web Service-Enterprise Quality Of Service training is designed for Enterprise Quality and IT professionals who want to take an architected approach to the development of SOA in their enterprises. The course is based on the work of The Open Group's SOA Work Group and describes how TOGAF® is used to define SOA. It is geared towards providing the Enterprise Architect with an approach, a process, and some basic tools and techniques that have proven to be of benefit in the development of Enterprise Architecture-based SOA.

So why SOA? Enterprise Quality professionals are immersed in change management, working from the "As-Is" to the "To-Be". SOA, if delivered as an architectural style, has the promise of delivering tighter coupling with the business drivers and strategy of the organization, lower cost profiles and effective reuse. The course develops and fosters a common understanding of SOA in order to facilitate alignment between the business and information technology communities. It takes a top-down business approach, as supported by TOGAF and other standards developed in The Open Group, and emphasizes the need for integration in a holistic Enterprise Architecture environment.

Course Content


Web-Services Enterprise QOS
Introduction

  • WS-* Specifications (Generic specs)
  • WS-Policy
  • WS-Addressing
  • WS-Routing
  • Interoperability (WSIT) & WS-* Specifications for Security, Reliability, Transaction
  • WS-I
  • WSIT (Project Tango) Overview
  • Web Services Transaction

Security Basics

  • Common Security Threats
  • Identity Interception
  • Replay Attack
  • Data Interception and manipulation
  • Repudiation
  • Denial Of Service
  • Network Security Needs
  • Authentication
  • Access Control
  • Data Confidentiality
  • Data Integrity
  • Non Repudiation
  • Auditing

Codifying security policies

  • Introducing declarative security
  • Policy consolidation for planning and consistent enforcement
  • Use at design time to ensure interoperability
  • Use at runtime to ensure interoperability

Canonical XML and Exclusive XML Canonicalization

  • Introduction
  • Canonicalizing an XML document
  • Exclusive XML Canonicalization
  • Problematic Scenarios

SAML and XACML

  • SAML History and Overview
  • SAML 2.0 New Features
  • SAML-related features in XACML
  • SAML in Web Services Security
  • Assertions
  • Bindings
  • Profiles
  • Protocols

Using digital signatures

  • The basics of XML signatures
  • Challenges in signing XML
  • XML canonicalization
  • Signing SOAP messages
  • Signing order creation request
  • Sender-side implementation
  • Receiver-side implementation
  • Practical issues with signatures
  • Three rules of signatures
  • Mixing encryption and signatures
  • Which canonicalization scheme?
  • Protecting confidentiality of messages using encryption

Encryption in action

  • The basics of encryption
  • Types of encryption algorithms
  • PKI: A framework for encryption
  • Programming with digital certificates
  • Creating digital certificates
  • Point to point encryption with digital certificates (SSL/TLS)
  • Java APIs for encryption
  • Encrypting SOAP messages
  • Sending user credentials with selective encryption
  • Encrypting-side implementation
  • Decrypting-side implementation
  • Practical issues with encryption

Extending SOAP for security

  • Finding the right approach for security in SOAP
  • Lessons from web authentication schemes
  • Authentication at the HTTP layer
  • Choices for security implementation in SOAP
  • Extending SOAP with headers
  • Anatomy of a SOAP header
  • Standard header entry attributes
  • WS-Security: The standard extension for security
  • Introduction to WS-Security
  • Identifying a brokerage service user
  • Processing SOAP extensions using handlers
  • How handlers work
  • Outline of the solution
  • Implementing a server-side JAX-WS handler
  • Implementing a client-side JAX-WS handler
  • Handler chains
  • Configuring handlers and handler chains
  • Processing SOAP extensions using intermediaries
  • Preserving the endpoint information: WS-Addressing

SOAP processing rules for intermediaries

  • SOAP Extensions
  • What should go into the headers?
  • How do we standardize on headers?
  • How many handlers?
  • How do we support handlers?

Declarative Security

  • Interoperability challenges in SOA security
  • Sources of incompatibility
  • Solving Incompatibilities
  • WS-I basic security profile

WS-Policy

  • Discovering Policies
  • Policy Attachment Points
  • Effective Policy
  • WS-MetadataExchange

WS-Security Policy

  • WS-SecurityPolicy: Subject-based Classification
  • WS-SecurityPolicy: Functional Classification
  • Classification of WS-SecurityPolicy
  • Assertions

Security Binding or Security Patterns

  • WS-Security and WS-Trust Conformance
  • Supporting Token Assertions
  • Security Assertion for messages
  • Token Assertions(Lower level Assertions)
  • "Implementation" to an "interface"

WS-Security Internals

  • WSS: SOAP Message Security-Binary Security Token
  • WSS: SOAP Message Security-Username Token(Default)
  • WSS: SOAP Message Security-Username Token(Hashed)
  • WSS: SOAP Message Security-Timestamp
  • WSS: SOAP Message Security-Security Token Reference
  • WSS: SOAP Message Security-Direct Reference
  • WSS: SOAP Message Security-Key Identifier
  • WSS: SOAP Message Security-X.509 Certificate
  • WSS: SOAP Message Security-X.509 Certificate(Issuer Serial)
  • WSS: SOAP Message Security-X.509 Certificate(Thumbprint)
  • WSS: SOAP Message Security
  • wssonc:DerivedKeyToken

WS-SECURITY POLICY Internals

  • Token Assertions(Lower level Assertions)-Common Properties
  • Security Binding or Security Patterns
  • Security Binding or Security Patterns-Properties
  • Security Binding or Security Patterns-Properties(Protection Order)
  • Security Binding or Security Patterns-Properties(Layout)
  • Security Binding or Security Patterns-Symmetric Binding
  • Security Binding(Processing Sequence)
  • Security Binding or Security Patterns-Asymmetric Binding
  • Security Binding(Processing Sequence)
  • Security Binding or Security Patterns-Transport Binding

Supporting Token Assertions

  • SupportingTokensAssertion
  • SignedSupportingTokensAssertion
  • EndorsingSupportingTokensAssertion
  • SignedEndorsingSupportingTokensAssertion
  • SignedEncryptedSupportingTokensAssertion
  • EncryptedSupportingTokensAssertion
  • EndorsingEncryptedSupportingTokensAssertion
  • SignedEndorsingEncryptedSupportingTokensAssertion

Direct Authentication Architecture
Security As a Service

  • Security As a Service-Who invokes the security service?
  • Security As a Service-What is the interface for the security service?

WS-Trust

  • WS-Trust:
  • RequestSecurityToken:Constituents
  • WS-Trust:-RequestSecurityToken:Constituents
  • WS-Trust:-RequestSecurityTokenResponse:Constituents
  • SAML protocol
  • Conveying the findings of a security service: SAML
  • SAML assertion basics
  • AuthenticationStatement
  • Asserting authentication results
  • AttributeStatement:Asserting user attributes
  • AuthorizationDecisionStatement:Asserting authorization decisions
  • Security as a service-How is the security context communicated to the destination endpoint?

Secure Conversation

  • Security as a Service-Issued Token
  • Security as a Service-Issued Token(ISSUED TOKEN STEP)
  • Security as a Service-Issued Token With Service Certificate
  • Security as a Service-STS Issued Endorsing Token
  • Security as a Service-Issued Token with SC
  • Security as a Service-Brokered Trust
  • Security as a Service-STS with SC

Designing SOA security for a real-world enterprise

  • Meeting the demands of enterprise IT environments
  • Large and diverse user base
  • Long life cycle
  • Robustness
  • Manageability
  • Integration with diverse legacy applications
  • Securing diverse services
  • Services developed from scratch
  • Services wrapping legacy applications
  • Services composed of other services
  • Choosing a deployment architecture
  • For securing services in the intranet
  • For securing services offered to the public
  • For securing services offered to/by partners
  • Making the solution industrial-strength
  • Performance
  • Scalability
  • Availability
  • Vulnerability management
  • Common vulnerabilities
  • XML-specific vulnerabilities
  • Vulnerability remediation workflow

Governance and Security

  • Registry and Repository
  • Registry and Repository Standards
  • Security and Policy Enforcement
  • High Level Patterns of Security

Customer Reviews


Thanks to Xpertised and the tutor who walked me through all the topics with Practical exposure which is helping me in my current project.
-Waseem

Course was quite helpful in terms of understanding of concepts and practicality. It's really a very friendly environment to learn. The timings were mutually chosen, as we both are working professionals. I am quite satisfied with the course.
-Tanmoy
