Your Account | Cart Cart | Your Lists | Help | Gold Box
Join Amazon Prime and ship Two-Day for free and Overnight for $3.99. Already a member? Sign in.


Sign in to turn on 1-Click ordering. users save 1.57% on Amazon. Learn how.
More Buying Choices
Have one to sell? Sell yours here
Mastering Web Services Security
Mastering Web Services Security (Paperback)
by Hartman, Beznosov, Flinn, Bret Hartman, Donald J. Flinn, Konstantin Beznosov, Shirley Kawamoto "In today's global marketplace, the Internet is no longer just about email and Web sites..." (more)
Explore: Citations | Books on Related Topics | Concordance | Text Stats | SIPs | CAPs
Browse: Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover | Surprise Me!
(5 customer reviews)    
List Price: $40.00
Price: $28.00 & this item ships for FREE with Super Saver Shipping. Details
You Save: $12.00 (30%)

Availability: In Stock. Ships from and sold by

Also Available in: List Price: Our Price:
Digital (Download: Adobe Reader) $40.00 $25.20

Better Together
Buy this book with Web Services Security by Mark O'Neill today!
Mastering Web Services Security Web Services Security
Buy Together Today: $62.99

Editorial Reviews
Book Description
  • Uncovers the steps software architects and developers will need to take in order to plan and build a real-world, secure Web services system
  • Authors are leading security experts involved in developing the standards for XML and Web services security
  • Focuses on XML-based security and presents code examples based on popular EJB and .NET application servers
  • Explains how to handle difficult-to-solve problems such as passing user credentials and controlling delegation of those credentials across multiple applications
  • Companion Web site includes the source code from the book as well as additional examples and product information

Book Info
Quickly learn how to build a secure Web services system using available programming tools, models, and specifications. Covers the different ways to create a secure .NET Web service. Softcover.

See all Editorial Reviews

Product Details

Inside This Book (learn more)
First Sentence:
In today's global marketplace, the Internet is no longer just about email and Web sites. Read the first page
Statistically Improbable Phrases (SIPs): (learn more)
framework security facilities, simple unconstrained delegation, remoted objects, core security services, web services security, securing web services, security policy server, invocation credentials, private keying material, authentication assertion, authentication evidence, impersonation mode, different security technologies, remotable objects, security context information, security policy data, perimeter tier, attribute assertion, delegation constraints, method permissions, middleware security, secure interoperability, enterprise security architecture, digital signature specification, artifact profile
Capitalized Phrases (CAPs): (learn more)
Liberty Alliance, Success Audit, Security Object Access, Microsoft Corporation, Getting Started, Sun Microsystems, Enterprise Edition, Enterprise Java Beans, Java Community Process, Secure Sockets Layer, Universal Description, Active Directory, Microsoft Passport, Secure Exchange, List Folder, Microsoft Windows, Network Figure, Send Joe, Simple Mail Transfer Protocol, Uniform Resource Identifiers, Usage Scenarios, World Wide Web Consortium
Books on Related Topics | Concordance | Text Stats
Browse Sample Pages:
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover | Surprise Me!
Search Inside This Book:

Tag this product (What's this?)
Your tags: Add your first tag

Customers tagged this product with
First tag: web services (Stephen Saucier on Jun 8, 2006)
Last tag: security
Search Products Tagged with

Customer Reviews
Average Customer Review:
Write an online review and share your thoughts with other customers.
Search Customer Reviews (What's this?)

3 of 5 people found the following review helpful:

Good Perspective on Securing Web Services Apps, April 29, 2003
Reviewer:L. GRAF (San Francisco, CA) - See all my reviews
Mastering Web Services Security provides a valuable enterprise perspective on building secure Web Services applications. Rather than focusing on a single technology like .NET or Java, the book provides useful real-world guidelines for building Web Service based systems that use many different products.

Some previous reviews of this book thought that EASI was exclusively a description of the product from the authors' company. I didn't see it that way -- in fact, I didn't see any specific details describing vendor products based on EASI. I viewed EASI more as an architectural technique that can be applied to many vendor products. Different Web Services vendors of Service Oriented Architectures (SOAs) offer frameworks that look like EASI, which makes this book useful when evaluating those alternatives.

3 of 4 people found the following review helpful:

good for developers of complex secure WS applications, April 20, 2003
Reviewer:"ktoto984" (San Jose, CA) - See all my reviews
The book does a great job explaining how to build non-trivial WS systems that are secure from end to end. Instead of limiting the material to descriptions of SOAP-related technologies and their security (this is what the other books I've read on WS security do), the authors first explain how to secure quickly a simple homogenous (M$-based) WS application, then point out the problems with such a simple-minded approach, and then devote the rest of the book to the question of securing complex heterogeneous WS applications by putting all necessary pieces together.

The first part also has a good introduction into the building blocks for WS security solutions, including not only SOAP and XML security, but also security of the underlying middleware technologies. Here, they could do a better job on going into more details about WS-Security spec and its friends. In the second part, they show how to use those building blocks together. Again, chapters on security of Java-based WS and the security interoperability lack a good structure and some times are just confusing.

From reading the book, it became clear to me that WS security is yet another instance of the old problem of enterprise security integration, although with a SOAP twist. Therefore, many methods from middleware security can be used for securing WS applications. I would recommend reading this book only to those who build complex heterogeneous WS applications.

7 of 11 people found the following review helpful:

Quadrasis EASI Web services security - user guide !, February 2, 2003
Reviewer:Craig Anderson "canders" (Sanjose, CA) - See all my reviews
This book covers the basics and fundamentals of Web services security and industry specs to an extent and quite good.

This book promotes Quadrasis EASI security kit (like a UserGuide) which made me so annoying! It does not provide practical examples from industry leading security vendors like Netegity TransactionMinder, SunONE Identity server etc.

If you are looking for implementing XML Security using Netegrity TransactionMinder, Microsoft Passport, SunONE Identity server..then this book is a WRONG CHOICE. You may find this book more appropriate if you are a Quadrasis user.

10 of 11 people found the following review helpful:

Good Basics - Not a 'Mastering' Security book, January 29, 2003
Reviewer:Prasad Reddy "Prasad" (Sanjose, CA) - See all my reviews
If you are looking to compare this book with "Mastering EJB" by Ed Roman then you are making a big mistake! This books is very focussed on Quadrasis EASI implementation ( I never heard off).
(+) Good high level book for concepts.
(+) This book covers well all emerging Web services security specs including WS-Security, SAML, .NET Security etc.
(-) Only address Proprietory technologies from Netegrity and Quadrasis (Quite upsetting).
(-) Not enough examples to cover all the security specs.

(-) No discussion on implementing Liberty and Passport technologies.

5 of 5 people found the following review helpful:

An EASI read, with some gaps, January 26, 2003
Reviewer: A reader
This was the first Web services security book which I've read. Overall my impression on this book is pretty positive. Here are my thoughts on this book:

- The writing and examples are clear. The glossary is a nice touch. The book avoids spending much time on a "101 of Web services" section, and that's probably a good thing, since plenty of books cover that already. Plus, anyone who buys this book will know the basics of Web services already.

- Much of the book focuses on applying the Quadrasis "EASI" security framework to Web services, unsurprisingly I guess since the four authors all work for Quadrasis. Some of the code examples require an instance of the EASI framework to work, which is limiting to people who are not using Quadrasis software (I don't think there is anyone else with product which implements the EASI framework). For examples of authentication and authorization in Java, i'd prefer to have seen JAAS used. I think the book would have been more accurately named "Mastering Web Services Security using the EASI Framework".

- Any book on Web services security right now is going to be a picture of a moment in time, because of the evolving standards in this area, e.g. information about timestamps and nonces in WS-Security isn't included, so probably the book was written before the WS-Security Addendum was released. Ditto WS-SecureConversation, WS-Policy, and WS-Trust - most likely published after this book was written. I'd like to have seen this information, plus concrete information about SAML assertions in SOAP messages, in the book.

- XKMS is missing from the book. This was a big surprise, since like most people, I'd see XKMS as a fundamental Web services security technology. Also, XACML only gets a half a page.

- The sections on the IIS web server are very strong.

- Netegrity SiteMinder is covered, but Netegrity TransactionMinder is not. This was a surprise.

So overall, this book is strong on the EASI framework, and is well written. If you think you're likely to use EASI for your Web services security, I'd definitely recommend it.

Customer Discussions Beta (what's this?)  Help
Amazon customers talk about this product and related topics.
Related forums
This product's forum (0)
This product's forum

Ask questions. Share opinions. Gain insight. Start the discussion.
Your new discussion will be added to:
 This product's forum

ProductWiki: Product Information from Our Customers (What's this?)
Be the first person to add product information.

So You'd Like to...
Create your guide

This Book and You

Where's My Stuff?
• Track your recent orders.
• View or change your orders in Your Account.
Shipping & Returns
• See our shipping rates & policies.
Return an item (here's our Returns Policy).
Need Help?
• Forgot your password? Click here.
Redeem or buy a gift certificate.
Visit our Help department.
Search   for Home   |   Directory of All Stores

Our International Sites: Canada   |   United Kingdom   |   Germany   |   Japan   |   France   |   China

Help   |   Shopping Cart   |   Your Account   |   Sell Items   |   1-Click Settings

Investor Relations   |   Press Room   |   Careers

Conditions of Use | Privacy Notice © 1996-2006,, Inc. or its affiliates