Part II. Building blocks of SOA security

Part II introduces the techniques you can use for addressing the following fundamental concerns of SOA security:
- Claiming and verifying identity (authentication)
- Protecting confidentiality of messages (chapter 6)
- Verifying message integrity and guarding against repudiation (chapter 7)
The techniques we will describe in this part form the basis for most of the discussion in part III, where we discuss enterprise SOA security. In this sense, we can think of the techniques described in part II as the fundamental building blocks of SOA security. Examples used in this part are deliberately kept simple and academic, as the goal here is to illustrate one building block of SOA security at a time.
You will learn about PKI, Kerberos, XML Encryption, XML Signatures, WS-Security, and WS-SecureConversation. To see each of the technologies we introduce in this part in action, you will use Apache Axis and JAX-RPC handlers, first introduced in part I, along with the Apache XML Security libraries, the Java Authentication and Authorization Service (JAAS) framework, and the Java bindings of the General Security Services (JGSS) API.
This chapter covers
- Password-based authentication
- Plain-text passwords
- Digest authentication