Please contact us
for GSA pricing.
Recent Training Venues
Accelebrate has recently trained for clients in the following cities:
- Huntsville, Alabama
- Montgomery / Birmingham, Alabama
- Anchorage, Alaska
- Edmonton & Calgary, Alberta
- Phoenix, Arizona
- Tucson, Arizona
- Fayetteville / Little Rock, Arkansas
- Amsterdam, The Netherlands / Brussels, Belgium
- Vancouver, British Columbia
- Oakland / San Jose / San Francisco, California
- Sacramento, California
- San Diego, California
- Orange County / Los Angeles, California
- Boulder / Colorado Springs / Denver, Colorado
- Washington, DC
- Wilmington, Delaware
- Manchester / London, England
- Orlando, Florida
- Fort Lauderdale / Miami, Florida
- Jacksonville, Florida
- Saint Petersburg / Tampa, Florida
- Alpharetta & Atlanta, Georgia
- Augusta & Savannah, Georgia
- Boise, Idaho
- Chicago, Illinois
- Indianapolis, Indiana
- Cedar Rapids / Des Moines, Iowa
- Dublin, Ireland
- Wichita, Kansas
- Lexington / Louisville, Kentucky
- Baton Rouge/New Orleans, Louisiana
- Portland, Maine
- Hagerstown & Frederick, Maryland
- Annapolis / Baltimore, Maryland
- Boston / Cambridge, Massachusetts
- Hartford, Connecticut / Springfield, Massachusetts
- Ann Arbor / Detroit, Michigan
- Grand Rapids, Michigan
- Saint Paul / Minneapolis, Minnesota
- Jackson, Mississippi
- St. Louis, Missouri
- Kansas City, Missouri
- Lincoln / Omaha, Nebraska
- Reno and Las Vegas, Nevada
- Fredericton / Moncton / Saint John, New Brunswick
- Albuquerque, New Mexico
- Princeton, New Jersey & Philadelphia, Pennsylvania
- Albany, New York
- Buffalo, New York
- White Plains / New York City, New York
- Charlotte, North Carolina
- Durham / Raleigh, North Carolina
- Canton / Akron, Ohio
- Cincinnati, Ohio
- Cleveland & Columbus, Ohio
- Dayton, Ohio
- Tulsa / Oklahoma City, Oklahoma
- Toronto, Ontario
- Portland, Oregon
- Pittsburgh, Pennsylvania
- San Juan, Puerto Rico
- Providence, Rhode Island
- Saskatoon / Regina, Saskatchewan
- Edinburgh / Glasgow, Scotland
- Columbia & Charleston, South Carolina
- Spartanburg & Greenville, South Carolina
- Knoxville, Tennessee
- Memphis / Nashville, Tennessee
- Houston, Texas
- El Paso, Texas
- San Antonio / Austin, Texas
- Dallas, Texas
- Salt Lake City, Utah
- Fairfax / Dulles / McLean / Herndon / Reston, Virginia
- Richmond / Alexandria / Arlington, Virginia
- Virginia Beach / Norfolk, Virginia
- Tacoma / Seattle, Washington
- Charleston, West Virginia
- Madison / Milwaukee, Wisconsin
Java Web Services Security Training: Java Web Services Security
view class outline
Securing Java Web Services Training Overview
Accelebrate's Java Web Services Security Training: Java Web Services Security course teaches attendees the Java® EE and security techniques they need to successfully secure Java web services.
Location and Pricing
Most Accelebrate courses are taught on-site at our clients' locations worldwide for groups of 3 or more attendees and are customized to their specific needs. Please visit our client list to see organizations for whom we have recently delivered training. These courses can also be delivered as live, private online classes for groups that are geographically dispersed or wish to save on the instructor's or students' travel expenses. To receive a customized proposal and price quote private training at your site or online, please contact us.
In addition, some courses are available as live, online classes for individuals. To see a schedule of online courses, please visit http://www.accelebrate.com/online_training/?action=category&page=javaxmlws.
Securing Java Web Services Training Prerequisites
- Experience developing Java Web services is assumed — either via SAAJ or JAX-RPC.
- Students are expected to be able to read and write XML fluently, and have some familiarity with XML Schema.
This class is 70% hands-on, 30% lecture, with the longest lecture segments lasting for 20 minutes.
Securing Java Web Services Training Materials
All attendees will receive comprehensive courseware.
Securing Java Web Services Training Objectives
All attendees will learn how to:
- Understand the unique challenges in securing interoperable XML-based services.
- Apply W3C standards to digitally sign and encrypt XML fragments and documents.
- Understand the importance of the WS-Security specifications to interoperably secure messaging.
- Use state-of-the-art tools to configure or implement signature, encryption, and various WS-Security header content for Java web services.
- Drive such WSS implementations from WS-SecurityPolicy documents.
- "Vouch for" a user across domains to achieve request authorization without sharing credentials.
- Exchange security information between servers, applications, and components, using SAML assertion and protocol models.
- Understand the role of XACML in policy management and decision-making.
- Understand the WS-Trust and WS-Federation architectures for developing the trust relationships that enable service federations and service-oriented architectures.
- Build web applications that participate in SAML federation and single sign-on.
Securing Java Web Services Training Outline
- Securing the Service-Oriented Enterprise
- Security for Web Services
- CIA Goals
- Solution Levels: W3C, OASIS, Java EE
- Scenario: Secure Multi-Party Conversation
- WS-Security and WS-SecurityPolicy
- Scenario: Sharing Security Information
- SAML and XACML
- Scenario: Multiple User Realms
- Scenario: Single Sign-On
- Technology Stacks: WS-Federation and Liberty Alliance
- The WS-I Basic Security Profile
- Transport Security
- Use Case: Secure Transport
- HTTP Authentication Schemes
- HTTP BASIC
- HTTP DIGEST
- Securing Web-Service URLs
- JAX-WS Support
- Axis Support
- XML Signature
- Use Case: Non-Repudiation
- XML Digital Signature
- Cryptography Backgrounder
- Canonical XML
- Enveloped, Enveloping, and Detached Signatures
- SignedInfo and References
- The Java Cryptography Architecture
- Why Keys Aren't Enough
- X.509 Certificates and Certificate Chains
- The KeyStore API
- Java XML Digital Signature API
- Steps to Sign and Verify XML Content
- JAX-WS Message Handlers
- Foiling the Man in the Middle
- XML Encryption
- Use Case: Confidentiality
- XML Encryption
- Element vs. Content Encryption
- Key Wrapping
- The Java Cryptography Extensions
- Apache XML Security
- Steps to Encrypt and Decrypt XML Content
- Choosing Algorithms and Key Sizes
- Use Case: Secure Message Exchange
- Use Case: User Login
- The WS-Security Specifications
- Security Token Types
- Username Tokens
- Signature and Encryption
- Tools for WS-Security
- XWSS and JAAS
- Foiling Replay Attacks
- Use Case: Sharing Metadata
- Normalized vs. Compact Form
- Policy Attachment
- Policy Scopes
- Protection Assertions
- Token Assertions
- Supporting and Endorsing Tokens
- Metro and WSIT
- Implementing Callbacks
- Integrating Security Frameworks
- Introduction to SAML
- History of SAML
- Using OpenSAML
- SAML and Web Services
- SAML Assertions
- Use Case: "Vouching for" a User
- The Assertions Schema
- Assertions and Subjects
- NameID Types
- Subject Confirmation
- Confirmation Methods
- Authentication Contexts
- Attribute Profiles
- Actions and Evidence
- WS-Security and SAML Tokens
- OpenSAML Assertions Model
- Creating XML Objects
- Marshalling and Unmarshalling
- SAML Protocol
- Use Case: Back-Channel Queries
- Requests, Queries, and Responses
- Status and StatusCode
- Other Request and Response Types
- OpenSAML Protocol Model
- SAML and XML Signature
- SAML and XML Encryption
- Use Case: Back-Channel Authorization
- Use Case: Sharing Authorization Policies
- Policies, Policy Sets, and Targets
- Combining Algorithms
- Policy Context
- Request and Response Types
- The SAML Profile of XACML
- Authorization Decisions via XACML
- Securing Federated Services
- Publish, Find, Bind ... Execute!
- The Trust Problem
- The Security Token Service
- Messaging Model: RST and RSTR
- Derived Keys
- Secure Conversation Metrics
- Value Proposition
- SAML Bindings
- Use Case: Speaking "Through" the Browser
- The SOAP Binding
- SAML Over HTTP
- The Browser as Messenger
- The Redirect, POST, and Artifact Bindings
- The PAOS Binding
- The URI Binding
- Federated Identity
- What is Federation?
- Problems for Identity Federation
- SAML 2.0 Federations
- Single Sign-On
- Account Linking and Persistent Pseudonyms
- Transient Pseudonyms
- Name ID Mapping
- Federation Termination
Java® and all Java-based marks are registered trademarks of the Oracle Corporation in the U.S. and other countries.
JBoss®, EAP® (Enterprise Application Platform) and Hibernate® are registered trademarks of Red Hat, Inc. Accelebrate, Inc. has no affiliation with Red Hat, Inc. and no courses offered by Accelebrate, Inc. are endorsed by Red Hat, Inc. in any way.
WebSphere® is a registered trademark of IBM. Accelebrate, Inc. has no affiliation with IBM.
Focuses on You!
Accelebrate’s courses are taught for private groups of 3 or more people at your site or online anywhere worldwide.
Don't settle for a "one size fits all" public class! Have Accelebrate deliver exactly the training you want, privately at your site or online, for less than the cost of a public class.
For pricing and to learn more, please contact us via information request form or phone, or email us at email@example.com today.
| They have very good material that illustrate the concepts clearly.
You will be able to work in your project right away.