Chapter 8. Implementing security as a service
This chapter covers
- SAML assertions
- OpenSAML
- WS-Trust and SAML protocol
In part II, you saw some of the technological building blocks needed to implement security for web services: authentication, encryption, and signatures. If you are going to secure only a few simple services, what you have learned up to this point should hold you in good stead. For example, if you are an application developer simply seeking to secure the services offered by your back-end modules to your front-end modules, you already know enough to get your work done.
If you are developing or implementing an enterprise-class SOA security solution, there are a few more fundamental pieces that are needed to develop full-fledged frameworks, strategies, and architectures.[1] In particular, we must address the security management issues that we described in the first chapter. To recap, enterprise SOA security solutions need to address the following concerns: