Chapter 6. Implementing Security as a Service
8.1. Security as a service

8.1.1. Is a security service technically feasible?

8.1.2. Standards for implementing security as a service

8.2. Analyzing possible uses of a security service

8.2.1. Use case 1: Destination endpoint invokes security service out-of-band

8.2.2. Use case 2: Source endpoint invokes security service out-of-band

8.2.3. Use case 3: Both endpoints invoke security service out-of-band

8.2.4. Use case 4: Security service as an explicit intermediary

8.2.5. Use case 5: Security service as an implicit intermediary

8.3. Conveying the findings of a security service: SAML

8.3.1. SAML assertion basics

8.3.2. AuthenticationStatement: Asserting authentication results

8.3.3. AttributeStatement: Asserting user attributes

8.3.4. AuthorizationDecisionStatement: Asserting authorization decisions

8.4. Example implementation using OpenSAML

8.4.1. Client-side implementation

8.4.2. Security service implementation

8.4.3. Server-side implementation

8.5. Standards for security service interfaces

8.5.1. WS-Trust

8.5.2. SAML protocol

8.6. Summary

Suggestions for further reading