Professional Web Services Security

At last I have found a decent web services security book. Professional Web Services Security by Wrox. I really like this book as it covers all the specs including WS-Security, SAML and Liberty and all the XML specs including XKMS, XACML, XML Sig, XML Encryption etc. It also has great code examples of using each which is really useful. The best content and broadest coverage I have seen so far (and I have bought a good few to date).Only criticism is no .NET passport. If you like MS or not its an important spec and should be included.

If you look at all the currently available books on Web Services with titles like Essential Web Services, Web Services Architecture or Building Web Services, all of them have absolutely no coverage of security or have a very thin chapter at the end of their book that talks about SSL. Even WROX's XML Web Services lacks in this area. I am glad to see that WROX filled this void.The pro's of this book:-Good coverage of the current security standards such as SSL, XML Signatures, XML Encryption, P3P and XML Key Management.-Good coverage of the emerging security standards such as SAML and XACML.-Not a rehash of the specification's but a fairly good attempt to explain and provide good visual examples. This is always the challenge, the more detail you provide the closer you get to repeating the specification specially on the more recent specifications like XACML. -Well written, good layout, flows well from chapter to chapter.-Good intermediate book. For advanced security readers, I guess it's best to read the specification.The con's of this book: -Table of content on the web says that Chapter 11 is on Secured Web Services but the book actually covers WS-Security. I was very interested in WS-Security with all the different pieces. I was expecting much more from this chapter. It was very short and missed the mark on this very interesting topic. -I would have liked to see the case study's make use of all the security standards discussed in the book not just a few.-I would have liked to see a chapter that tied all these topics together in more detail and also discuss other security standards that were not covered and how this all fits with the current Web Services standards.