Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption

This book hits the nail on the head. There are a ton of prospective Web Service and security standards floating around. These authors focus on just the ones that matter. XACML, WS-TrustedConversation, etc. etc. may have an impact later on. But today, it is WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption that are the ones that count.

Perfect book for the novice as well as the person that thinks they know it all, but just wants to be sure. With the emergence of Web Services and the security concerns surrounding them, its nice to get an strong grasp on the different components that must be considered. This book does a very nice job at outlining the differences and helps anyone understand the critical need for understanding all aspects of securing Web Services. When put in perspective like this, it makes you realize that implementation is not so hard as long as you know what to implement.

From one of the authors: we have available some material on how to build secure .NET Web services. Some readers of the book may find this helpful in their efforts to build secure Web services on the .NET platform. (...)

I teach a course on Web Services Security, and was in search of a good book that I could recommend to my class. This book was certainly a good find. It goes beyond the hype and chatter associated with Web Services. This book puts a very objective perspective. What I specifically like about the book, is how it ties past lessons learnt with the current technologies and thus, helps us not repeat the mistakes. Also, throughout the book, the authors explain complex security concepts in a lucid manner and simplify (as much as possible) the intricacies of implementing secure web services. There are numerous practical insights and illustrations through out.I would strongly recommend this book for anyone trying to implement WS-* specification based solution. The only thing I would have liked to see in the book is an example with .NET as well. Nevertheless, the book is fairly platform independent (except for chapter 10) and both Java and .NET developers would benefit equally.This is my personal favorite as of now. I also like Web Services Security by Mark O'Neil - but that book is slightly dated now.

This book makes web service security and ws-security easy to understand. It includes diagrams that makes complicated process easy to understand.It also includes samples and screen shots on securing web services using WebLogic Workshop. These step by step demo makes ws-security appears so simple.