Students who can benefit from this course are business component and client application developers, system integrators, IT architects, and other technical personnel who are creating web services and are interested in implementing standard security mechanisms in their web service applications. In addition, Java EE 5 software developers planning on implementing and securing web services can also benefit from this course. Students who can benefit from this course are interested in implementing Service Oriented Architecture (SOA) in their enterprise.

• Demonstrate some knowledge of the declarative programming concepts used in the Java EE technology and be able to create simple Java EE applications
• Create a Java web service
• Demonstrate proficiency with XML and interpret XML documents
• Display experience with the Java programming language and distributed programming (multi-tier architecture)

• Identify the need to secure web services
• List and explain the primary elements and concepts of application security
• Outline the factors that must be considered when designing a web service security solution
• Describe the issues and concerns related to securing web service interactions
• Analyze the security requirements of web services
• Identify the security challenges and threats in a web service application
• Evaluate the tools and technologies available for securing a Java web service
• Secure web services by using application-layer security, transport-layer security, and message-layer security
• Describe the concept of identity and the drivers behind identity management solutions
• Explain the role of Sun Java System Access Manager in securing web services
• Secure web services by using WS-I BSP token profiles
• Secure web services by using Liberty token profiles

Module 1 - Encapsulating the Basics of Security

• Summarize the characteristics of web services and analyze the impact on application security
• Examine how the data exposed by a web service can impact its security requirements
• Describe the security principles of web architecture
• Describe the characteristics of application security
• Describe the technologies used to implement application security
• Identify the security issues in a web service model
• Evaluate the security requirements of web services

Lab 1 - Exploring the Auction Application

• Start the Application Server database
• Deploy the credit card web service
• Deploy the auction application
• Explore the auction application
• Run the auction application

Module 2 - Examining Web Services Security Threats and Countermeasures

• Identify the security requirements of web services
• List the features that are typically provided by a properly implemented security mechanism
• List the security principles for web services
• Identify the security challenges and threats in a web service application
• Identify the technologies to address the security challenges in a web service application
• Explain the need for a web services security model
• Describe the primary mechanisms to secure web services

Lab 2 - Examining Security Threats and Countermeasures

• Evaluate the security needs of the auction application
• Identify security solutions for the auction application
• Evaluate security in the auction application

Module 3 - Overview of Web Services Security Solutions

• Explain the web service framework
• Explain the need to establish standards for web services security
• Describe the various web services security solutions
• Describe Project Metro
• Define Web Services Interoperability Technology (WSIT)
• Describe the Metro security specifications

Lab 3 - Designing Security for Web Services Applications

• Analyze web services security needs

Module 4 - Securing Java Web Services Using Application-Layer and Transport-Layer Security

• Identify the various methods to implement security in Java Platform, Enterprise Edition (Java EE platform) applications
• Describe how to use Secure Sockets Layer (SSL) to secure a Java EE 5 web service application
• Outline the security mechanisms used by Java EE 5 web-tier applications
• State the functions of the Java EE 5 authentication service
• Describe how to secure web services by using application-layer security and transport-layer security

Lab 4 - Implementing Application-Layer and Transport-Layer Security

• Implement basic authentication for a web service
• Implement transport-layer security for a web service

Module 5 - Securing Java Web Services Using Message-Layer Security

• Explain message-layer security and its advantages
• Explain the WS-Policy specification
• Describe how to attach policy assertions to a Web Services Description Language (WSDL) file
• Describe the web services security technology in Metro
• Explain the security specifications implemented by Metro
• Describe how to configure web services security by using Metro
• Describe how to configure web services security by using the NetBeans Metro plug-in
• Explain how GlassFish offers integrated support for the web services security standards
• Describe how to configure GlassFish for message security
• Describe how to enable application-specific web services security by using GlassFish
• Describe how to enable message security in a client application by using GlassFish

Lab 5 - Implementing Message-Layer Security

• Secure an interoperable web service using Metro 1.2
• Secure a web service using Secure Token service (STS)
• Secure web services using the message security providers available in GlassFish

Module 6 - Relating Web Services Security and Identity Management

• Define the concept of identity and identity management
• Describe the need for identity management
• Describe the business drivers for identity management
• Identify the technologies behind an identity management solution
• Describe the capabilities of Sun Java System Access Manager 7.1
• Describe the components and features of Sun Java System Access Manager 7.1
• Describe identity management support in NetBeans IDE
• Describe how to install Sun Java System Access Manager 7.1

Lab 6 - Installing and Configuring Access Manager

• Install and configure Access Manager 7.1 Patch 1

Module 7 - Securing Web Services Using WS-I BSP Token Profiles

• Explain the Security Assertion Markup Language (SAML)
• Demonstrate SSO system flow by using SAML tokens
• Describe how to configure SAML support on Access Manager
• Describe how to enable SAML-based authentication to secure a web service client and a web service provider by using Access Manager
• Describe how to secure web services by using WS-I BSP tokens

Lab 7 - Securing Web Services Using WS-I BSP Token Profiles

• Secure web services using the WS-I BSP SAML-HolderOfKey security mechanism
• Secure web services using the WS-I BSP UserNameToken security mechanism
• Secure web services using the WS-I BSP X509Token security mechanism

Module 8 - Securing Web Services Using Liberty Token Profiles

• Describe the network identity implementation
• Describe the Liberty Alliance project and the Liberty specification
• List and explain the web services security providers in Sun Java System Access Manager 7.1
• Describe federated identity
• Explain Liberty web services and Liberty process flow
• Describe how to secure web services by using Liberty tokens

Lab 8 - Securing Web Services Using Liberty Tokens

• Secure web services using the LibertyBearerToken security mechanism
• Secure web services using the LibertySAMLToken security mechanism
• Secure web services using the LibertyX509Token security mechanism