Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Web Service-Enterprise Quality Of Service

( Duration: 4 Days )

Web Service – Enterprise Quality Of Service training course is designed for Enterprise Quality and IT Professionals who want to take an architected approach to the development of SOA in their enterprises. This course is based on the work achieved in The Open Groups SOA Work Group and describes how TOGAF is used to define SOA and is geared towards providing the Enterprise Architect with an approach, a process and some basic tools and techniques that have proven to be of benefit in the development of Enterprise Architecture based SOA.

This course develops and fosters a common understanding of SOA in order to facilitate alignment between the business and information technology communities. It takes a top down business approach, as supported by TOGAF and other standards developed in The Open Group and emphasize the need for integration in a holistic Enterprise Architecture environment.

By attending Web Service – Enterprise Quality Of Service workshop, delegates will learn to:

  • Fundamental knowledge of service-oriented architecture (SOA)
  • Knowledge of the role Web services play within an SOA
  • Knowledge of Web service standards
  • Experience with the administration of WebSphere Application Server v6.1 or higher

COURSE AGENDA

1

Introduction

  • WS-* Specifications (Generic specs)
  • WS-Policy
  • WS-Addressing
  • WS-Routing
  • Interoperability (WSIT) & WS-* Specifications for Security, Reliability, Transaction
  • WS-I
  • WSIT (Project Tango) Overview
  • Web Services Transaction
2

Security Basics

  • Common Security Threats
  • Identity Interception
  • Replay Attack
  • Data Interception and manipulation
  • Repudiation
  • Denial Of Service
  • Network Security Needs
  • Authentication
  • Access Control
  • Data Confidentiality
  • Data Integrity
  • Non Repudiation
  • Auditing
3

Codifying security policies

  • Introducing declarative security
  • Policy consolidation for planning and consistent enforcement
  • Use at design time to ensure interoperability
  • Use at runtime to ensure interoperability
4

Canonical XML and Exclusive XML Canonicalization

  • Introduction
  • Canonicalizing an XML document
  • Exclusive XML Canonicalization
  • Problematic Scenarios
5

SAML and XACML

  • SAML History and Overview
  • SAML 2.0 New Features
  • SAML-related features in XACML
  • SAML in Web Services Security
  • Assertions
  • Bindings
  • Profiles
  • Protocols
6

Using digital signatures

  • The basics of XML signatures
  • Challenges in signing XML
  • XML canonicalization
  • Signing SOAP messages
  • Signing order creation request
  • Sender-side implementation
  • Receiver-side implementation
  • Practical issues with signatures
  • Three rules of signatures
  • Mixing encryption and signatures
  • Which canonicalization scheme?
  • Protecting confidentiality of messages using encryption
7

Encryption in action

  • The basics of encryption
  • Types of encryption algorithms
  • PKI: A framework for encryption
  • Programming with digital certificates
  • Creating digital certificates
  • Point to point encryption with digital certificates (SSL/TLS)
  • Java APIs for encryption
  • Encrypting SOAP messages
  • Sending user credentials with selective encryption
  • Encrypting-side implementation
  • Decrypting-side implementation
  • Practical issues with encryption
8

Extending SOAP for security

  • Finding the right approach for security in SOAP
  • Lessons from web authentication schemes
  • Authentication at the HTTP layer
  • Choices for security implementation in SOAP
  • Extending SOAP with headers
  • Anatomy of a SOAP header
  • Standard header entry attributes
  • WS-Security: The standard extension for security
  • Introduction to WS-Security
  • Identifying a brokerage service user
  • Processing SOAP extensions using handlers
  • How handlers work
  • Outline of the solution
  • Implementing a server-side JAX-WS handler
  • Implementing a client-side JAX-WS handler
  • Handler chains
  • Configuring handlers and handler chains
  • Processing SOAP extensions using intermediaries
  • Preserving the endpoint information: WS-Addressing
9

SOAP processing rules for intermediaries

  • SOAP Extensions
  • What should go into the headers?
  • How do we standardize on headers?
  • How many handlers?
  • How do we support handlers? s with selective encryption
10

Declarative Security

  • Interoperability challenges in SOA security
  • Sources of incompatibility
  • Solving Incompatibilities
  • WS-I basic security profile
11

WS-Policy

  • Discovering Policies
  • Policy Attachment Points
  • Effective Policy
  • WS-MetadataExchange
12

WS-Security Policy

  • WS-SecurityPolicy:Subjectbased Classification
  • WS-SecurityPolicy: Functional Classification
  • Classification of WS-SecurityPolicy
  • Assertions
13

Security Binding or Security Patterns

  • WS-Security and WS-Trust Conformance
  • Supporting Token Assertions
  • Security Assertion for messages
  • Token Assertions(Lower level Assertions)
  • “Implementation” to an “interface”
14

WS-Security Internals

  • WSS: SOAP Message Security-Binary Security Token
  • WSS: SOAP Message Security-Username Token(Default)
  • WSS: SOAP Message Security-Username Token(Hashed)
  • WSS: SOAP Message Security-Timestamp
  • WSS: SOAP Message Security-Security Token Reference
  • WSS: SOAP Message Security-Direct Reference
  • WSS: SOAP Message Security-Key Identifier
  • WSS: SOAP Message Security-X.509 Certificate
  • WSS: SOAP Message Security-X.509 Certificate(Issuer Serial)
  • WSS: SOAP Message Security-X.509 Certificate(Thumb print)
  • WSS: SOAP Message Security
  • wssonc:DerivedKeyToken
15

WS-SECURITY POLICY Internals

  • Token Assertions(Lower level Assertions)-Common Properties
  • Security Binding or Security Patterns
  • Security Binding or Security Patterns-Properties
  • Security Binding or Security Patterns-Properties(Protection Order)
  • Security Binding or Security Patterns-Properties(Layout)
  • Security Binding or Security Patterns-Symmetric Binding
  • Security Binding(Processing Sequence)
  • Security Binding or Security Patterns-Asymmetric Binding
  • Security Binding(Processing Sequence)
  • Security Binding or Security Patterns-Transport Binding
16

Supporting Token Assertions

  • SupportingTokensAssertion
  • SignedSupportingTokensAssertion
  • EndorsingSupportingTokensAssertion
  • SignedEndorsingSupportingTokensAssertion
  • SignedEncryptedSupportingTokensAssertion
  • EncryptedSupportingTokensAssertion
  • EndorsingEncryptedSupportingTokensAssertion
  • SignedEndorsingEncryptedSupportingTokensAssertion
17

Direct Authentication Architecture

18

Security As a Service

  • Security As a Service-Who invokes the security service?
  • Security As a Service-What is the interface for the security service?
19

WS-Trust

  • WS-Trust:-RequestSecurityToken:Constituents
  • WS-Trust:-RequestSecurityToken:Constituents
  • WS-Trust:-RequestSecurityTokenResponse:Constituents
  • SAML protocol
  • Conveying the findings of a security service: SAML
  • SAML assertion basics
  • AuthenticationStatement
  • Asserting authentication results
  • AttributeStatement:Asserting user attributes
  • AuthorizationDecisionStatement:Asserting authorization decisions
  • Security as a service-How is the security context communicated to the destination endpoint?
20

Secure Conversation

  • Security as a Service-Issued Token
  • Security as a Service-Issued Token(ISSUED TOKEN STEP)
  • Security as a Service-Issued Token With Service Certificate
  • Security as a Service-STS Issued Endorsing Token
  • Security as a Service-Issued Token with SC
  • Security as a Service-Brokered Trust
  • Security as a Service-STS with SC
21

Designing SOA security for a real-world enterprise

  • Meeting the demands of enterprise IT environments
  • Large and diverse user base
  • Long life cycle
  • Robustness
  • Manageability
  • Integration with diverse legacy applications
  • Securing diverse services
  • Services developed from scratch
  • Services wrapping legacy applications
  • Services composed of other services
  • Choosing a deployment architecture
  • For securing services in the intranet
  • For securing services offered to the public
  • For securing services offered to/by partners
  • Making the solution industrial-strength
  • Performance
  • Scalability
  • Availability
  • Vulnerability management
  • Common vulnerabilities
  • XML-specific vulnerabilities
  • Vulnerability remediation workflow
22

Governance and Security

  • Registry and Repository
  • Registry and Repository Standards
  • Security and Policy Enforcement
  • High Level Patterns of Security

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.

Top
Notice
X