HIGHLIGHT A practitioner’s guide to implementing and architecting security in enterprises that use SOA. Covers WS-Security, XML Encryption, XML Signatures, and SAML. It is the only book in the market that is hands-on, at the code level. DESCRIPTION Anyone seeking to implement SOA Security is forced to dig through a maze of inter-dependent specifications and API docs that assume a lot of prior security knowledge on the part of readers. Getting started on a project is proving to be a huge challenge to practitioners. This book seeks to change that. It provides a bottom-up understanding of security techniques appropriate for use in SOA without assuming any prior familiarity with security topics. Unlike most other books about SOA that merely describe the standards, this book helps readers learn through action, by walking them through sample code that illustrates how real life problems can be solved using the techniques and best practices described in the standards. It simplifies things: where standards usually discuss many possible variations of each security technique, this book focuses on the 20% of variations that are used 80% of the time. This keeps the material covered useful for all readers except the most advanced. KEY POINTS • Why SOA Security is different from ordinary computer security, with real life examples from popular domains such as finance, logistics, and government • Uses open source tools and code examples to show how things work. This knowledge is then useful for work with proprietary tools. • Assumes no prior security knowledge MARKET INFORMATION One of the major obstacles to implementing SOA in enterprises is the difficulty in grasping what is different about security in SOA. There is a lot of published material out there about SOA security—but it does not provide the specifics on how to plan, design, and implement enterprise-class SOA security architecture. This book addresses that challenge in a hands-on way.