Chapter 5. Security policies
This chapter covers
- Providing HTTPS-based access to your services
- Validating message integrity using signatures
- Using federated authentication and authorization with OpenAM
- Implementing an OAuth-based scenario
Policies that deal with security are important for any organization. If you don’t have strict rules that determine how security is implemented within your services, you run a big risk of exposing confidential information. Your customers need to be sure that their credentials are handled correctly and that the integrity of the information they send to and receive from your service can be guaranteed. Imagine that your company provides sensitive information to its consumers. For instance, your company provides a service where authorized users can access their tax returns for the last couple of years, or your municipality provides a service where you can get an overview of all the information it has gathered on you. For these types of services, you want to ensure that the information is accessed in a secure manner, so that no one can eavesdrop on it or pretend to be someone else.