Hello authors Welcome. I wanna to know 1. Is the book for beginners? 2. What motivated you to write the book ? 3. Does the book cover web Services security i.e. XML encryption, XML digital signatures etc 4. Do you feel that there are shortcomings in J2EE security?
Let me answer your questions one by one: 1. Is the book for beginners? ANSWER: Yes and no. It is not for Java beginners. We do not explain how to write Java programs. But yes, it can be used by anybody interested in security. No special knowledge of security is required. We explain everything, including the cryptographic algorithms. If a user is an expert, s/he can skip the basics and go to the more advanced chapters. If a user is a beginner, s/he can read the whole book. 2. What motivated you to write the book ? ANSWER: We have presented at several conferences on Java and security: O'Reilly, JavaOne, Colorado Software Summit, etc. At these conferences we were always bombarded with questions on J2EE security, and those questions continued by email later. I had already written another book on Java 2 security ("Java 2 Network Security" published by Prentice Hall), but that covered only J2SE. So we decided that a new book on J2EE was needed. We all have extensive experience with Java security. In fact, we have designed it in collaboration with Sun. 3. Does the book cover web Services security i.e. XML encryption, XML digital signatures etc ANSWER: Yes. 4. Do you feel that there are shortcomings in J2EE security? ANSWER: Not really. Of course, things will be improved in the future. But it is a very nice architecture.
Hope this helps, Marco Pistoia
Marco Pistoia, Ph.D.<br /><a href="http://www.research.ibm.com/people/p/pistoia/" target="_blank" rel="nofollow">http://www.research.ibm.com/people/p/pistoia/</a>
How does your book compare with J2EE Security by Pankaj Kumar?
---------------------------------------------------------------------------- it has been answered here [ April 21, 2004: Message edited by: Mcgill smith ]
Joined: Apr 19, 2004
Web Services security is still evolving. Security is essential for the future of Web Services. Two of the authors, Nataraj Nagaratnam and Anthony Nadalin, are members of the core group that is designing Web Services security. We understand that without security there cannot be future for such a technology. Therefore, we are convinced that security is already and is going to be more and more a key component of Web Services technology. Thanks, Marco
Hi Marco, What are the topics that you have covered for Web Service Security in the new book? As web service security is still evolving, we need a brief guide on that. [ April 21, 2004: Message edited by: iyven koh ]
Nick, The chapter whose link you have posted is not from my book. Looks good though Iyven, In the Web Services security chapter we covered the following topics: XML, SOAP, WSDL, XML and cryptography, WS-Security, Web Services security model principles, Web Services message security, WS-Policy, WS-Trust, WS-SecureConversation, WS-Privacy, WS-Federation, WS-Authorization, application patterns, Web Services provider security, user authentication, and authorization enforcement. Thanks, Marco