Detailed hands-on book
This is an excellent book with a lot of detail. The first few chapters give a good background on SOA and the security issues and challenges around services.
A practitioner's perspective, but also useful to policy and decision makers
One of the detailed expositions on this subject that I have seen. While it is written to help the architects, designers and developers of services to plan and implement better security, it also gives an excellent overview of the key concepts and challenges.
The book tries to address two key audience groups. One segment is the one with an interest in the broad policy and governance issues related to security as applied to SOA and services. The other audience segment is from the IT architecture and implementation teams that want to see examples of security as applied to services in the new SOA world. Application and process security issues are explained and illustrated with extensive code samples and detailed walk-throughs of several scenarios.
It is NOT a generic textbook on basics of security or SOA or BPM but is focused on practical issues in architecting and implementing security within SOA and BPM solutions.
There are specific examples of various security models and implementations, including appropriate use of PKI in messages and services, SAML, etc. The authors have provided extensive examples at the publisher's website, and one of the co-authors has posted some useful links to external reviews and interviews. This was one of the few published books that I have seen discuss Cisco's AON solution.
If you are looking for broader security issues such as intrusion detection, network security, etc., then this is the wrong book. The focus is on security when implementing a Service Oriented Architecture in an enterprise environment.
The book is physically HEAVY and a very detailed but easy read. I do not recommend reading all the chapters, and even the authors seem to agree. It is best to read the initial chapters to cover the concepts and then dive into specific chapters of interest.
Good introduction - lacks details and practical guidance
I bought this book with a lot of expectations, but this book FALLS SHORT on providing design and implementation guidance. I liked the introductory coverage, and to me it is more like reading about Web services security around the SOAP and WSDL standards. All I found was a few Apache Axis samples. It is disappointing to note that this book completely ignored standards and technologies such as PKI, SAML and XACML (and its interoperability profiles), WS-Federation, WS-Trust and related WS-* standards, and their role in SOA-based solution architecture. The authors completely forgot to discuss the core SOA security complexities involved with composing secure SOA services, securing BPM workflows, Web services based collaborations, single sign-on and entitlement issues with BPM portals, and federated services.
I do agree the introductory part of the book (Chapters 1-2) is a good read; beyond that, I noticed the book suffers from poorly edited content and contains highly repetitive content.