WA1585 SOA for Security Professionals Training and Courseware

This 2-day course will introduce you to the world of service orientation and prepare you to identify, define, diagnose, and implement a comprehensive security strategy for a Service Oriented Architecture (SOA) initiative. SOA opens up a whole realm of security issues because of its ubiquitous, decentralized, distributed, and even federated nature. Students will be exposed to a broad range of service orientation topics and enterprise SOA security subjects, providing a solid foundational understanding of valid and invalid approaches to designing and implementing SOA security. Concepts in this course are reinforced through a combination of group discussion, live demos and daily reviews.

Topics
• SOA Fundamentals
• Service Layering
• SOA Value Proposition
• Enterprise Service Bus (ESB)
• Service Registries
• Information Management
• Securing the Service Oriented Enterprise
• Security Patterns within SOA
• Service Layers
• SOA Security Layering
• Applying Traditional Security to SOA
• SOA Security Standards
• SOAP Primer
• Digging into WS-Security
• SOA Security Threats and Countermeasures
• Governing SOA Security

Audience
Security architects, analysts, and managers as well as system architects and application developers.

Prerequisites
A working knowledge of basic enterprise security principles and terminology is highly recommended.

Duration
Two days.
Course Outline

1. SOA Fundamentals
• Objectives
• SOA in Context
• SOA Job Role Impact
• Service Oriented Architecture
• The SOA Umbrella
• SOA and Business Process Management
• BPM Value Add
• SOA Governance
• SOA Governance Model
• What's a Service?
• Example Services
• Service Actors
• SOA Motivation
• SOA's Goal
• The Value of Transitioning from Applications to Services
• Is this a New Concept?
• Service Orienting the Enterprise
• Service Characteristics
• About Services in SOA
• Contract-driven software
• Elements of a Service
• What is a Web Service?
• How Web Services Work
• Web Service Standards
• SOA Standards
• SOA Capabilities
• Service Oriented Thinking
• Summary

2. Layers of Services
• Objectives
• What is Layering?
• SOA Layers
• Common Layers
• Auxiliary Layers
• Digesting the Layers
• The Application Service Layer
• The Business Service Layer
• The Orchestration Layer
• Layering Rules of Thumb
• SOA User Interface
• Portal Site's Context Awareness
• Web 2.0 Data Aggregation
• Summary

3. SOA Value Proposition
• Objectives
• The SOA Value Proposition
• Reducing integration expense
• Integration costs illustration
• Ripple effect of changes
• The value of SOA layering
• SOA reduces integration costs
• Increasing asset reuse
• Asset reuse illustration
• Increasing business agility
• Business Agility Illustration
• Traditional EAI Approach
• Problems with Traditional EAI Approach
• Change Flow Using Legacy Approach
• SOA Agility
• Build the Services
• Build the Process
• We Can Easily Change the Process
• Reducing business risk
• Risk reduction illustration
• SOA Eases Compliance Risk
• Other Advantages
• Business Advantages
• Hasn't this been said before?
• Hasn't this been said before?
• ROI Quantification Hurdles
• Real World SOA Example 1
• Real World SOA Example 2
• Real World SOA Example 3
• Real World SOA Example 4
• Summary

4. Overview of Service Registries
• Objectives
• Services Registry
• Why Do We Need a Service Registry?
• Main Activities Done Using a Registry
• Publish
• Discovery
• Dynamic Discovery
• Management
• Enforce Governance Lifecycle
• SOA Registry Products
• Summary

5. Enterprise Service Bus (ESB)
• Objectives
• SOA and the ESB Pattern
• Loose Coupling
• Service Invocation
• Business Process
• Data Integration
• Enterprise Service Bus (ESB)
• Legacy System Integration
• Unsupported Protocol
• The Role of ESB in SOA
• ESB: Software Artifacts
• ESB - Software Artifacts
• Business Process
• Business Process: Example
• Minimum ESB Capabilities
• Minimum ESB Capabilities: Integration
• Minimum ESB Capabilities: Communication
• Minimum ESB Capabilities: Service Interaction
• Minimum ESB Capabilities: Management
• Security and ESB
• Summary

6. Information Management in SOA
• Objectives
• Introduction
• SOA and Enterprise Information Management
• Operational Data Replication Basics
• SOA and Data Basics
• Data Publishing Event
• Modeling Events
• Handling Events in a BPEL Process
• Data Mediation
• Data Format
• Generic Data Model
• Example Generic Data Model
• Mapping Data
• Loading Data
• Extract Transform Loading (ETL)
• ETL and SOA
• Data Federation
• Summary

7. SOA Security Overview
• Objectives
• Traditional systems
• Loosely-coupled systems
• Risks of loosely-coupled services
• SOA Security Concerns
• Security Stack: Web services
• Security Stack: Other services
• Discussion Question
• Summary

8. Security Patterns
• Objectives
• Service bus security
• Service bus security layers
• Application-managed security
• Security as a service
• Reverse Proxy
• ESB Gateway
• Discussion Question
• Summary

9. Security Layering
• Objectives
• SOA Layers
• Security Layering
• Policy-driven Security
• PEP/PDP in Action
• Separation of concerns
• Loosely-coupled security layer
• SES/SDS in Action
• Layering and service granularity
• Security Service Granularity
• Process-centric Security
• Discussion Question
• Summary

10. Applying Traditional Security to SOA
• Objectives
• Public Key Infrastructure (PKI)
• Digital Signature
• Digital Signature Process
• Certificates
• Authentication
• Basic HTTP Authentication
• Secure Sockets Layer (SSL)
• Basic Authentication Over HTTPS
• Securing non-HTTP Traffic
• Summary

11. SOA Security Standards
• Objectives
• WS-Security
• XML Encryption & Signature
• SAML
• WS-Trust
• WS-Trust Interoperability
• WS-Federation
• WS-SecureConversation
• Web Services Policy Framework
• WS-SecurityPolicy
• Security Standards Review
• Summary

12. Simple Object Access Protocol (SOAP)
• Objectives
• SOAP Overview
• SOAP in Protocol Stack
• SOAP Components
• SOAP HTTP Request Example
• SOAP HTTP Response Example
• Message Envelope
• The Header Element
• Header Attributes
• SOAP Body
• SOAP Fault
• Communication Style
• RPC/Encoded Style
• RPC/Literal Style
• Enabling RPC Styles
• Document/Literal Style
• Document/Literal Wrapped Style
• Details of the Wrapped Style
• Enabling Document Literal Style
• Summary

13. SOA Security Standards
• Objectives
• SOA Security Model
• SOA Security Policies
• Transport Level Security Policy
• Message Level Security Policy
• Data Level Security Policy
• Overview of Web Services Security
• Securing XML Data
• XML Digital Signatures
• XML Encryption
• WS-Security Tokens
• WS-Security Considerations
• Putting it all together
• Phase 1: The Service-side
• Phase 1: Build a secure service
• Phase 2: The Client
• Phase 2: Build a secure client
• Phase 3: Production
• Audit Tracking
• Identity Assertion Using SAML
• SAML SOAP Example
• Summary

14. SOA Security Threats and Countermeasures
• Objectives
• The Price of Open Standards
• Generic Vulnerabilities
• XML-specific Attacks
• Countermeasures
• Summary

15. Governing SOA Security
• Objectives
• Security Governance
• Collecting Security Requirements
• Policies and Contract Management
• Policy and Contract Management
• SOA Security Lifecycle
• Governance Model Overview
• Models for Governing Security
• Discussion Question
• Summary

Appendix A. Glossary
• Glossary
• Glossary
• Glossary
• Glossary

Appendix B. Introduction to Web Services
• Objectives
• A Conceptual Look at Services
• Defining Services
• SOA Runtime Implementation
• SOA Runtime Implementation
• What is a Web Service?
• Enterprise Assets as Services
• Typical Development Workflow
• Advantages of Web Services
• Web Service Business Models
• Case Study: Internal System Integration
• Case Study: Business Process Externalization
• SOAP Overview
• SOAP in Protocol Stack
• SOAP Structure
• SOAP Message Architecture
• Applying SOAP
• WSDL Overview
• WSDL Structure
• Applying WSDL
• UDDI Overview
• UDDI Terminology
• UDDI Structure
• Locating a Service
• Applying UDDI
• WS-I Overview
• WS-I Deliverables
• Summary