This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Security and the fly likes To authors Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "To authors" Watch "To authors" New topic
Author

To authors

Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8903

Hello authors
Welcome.
I wanna to know
1. Is the book for beginners?
2. What motivated you to write the book ?
3. Does the book cover web Services security i.e. XML encryption, XML digital signatures etc
4. Do you feel that there are shortcomings in J2EE security?


Groovy
Marco Pistoia
Author
Greenhorn

Joined: Apr 19, 2004
Posts: 27
Let me answer your questions one by one:
1. Is the book for beginners?
ANSWER: Yes and no. It is not for Java beginners. We do not explain how to write Java programs. But yes, it can be used by anybody interested in security. No special knowledge of security is required. We explain everything, including the cryptographic algorithms. If a user is an expert, s/he can skip the basics and go to the more advanced chapters. If a user is a beginner, s/he can read the whole book.
2. What motivated you to write the book ?
ANSWER: We have presented at several conferences on Java and security: O'Reilly, JavaOne, Colorado Software Summit, etc. At these conferences we were always bombarded with questions on J2EE security, and those questions continued by email later. I had already written another book on Java 2 security ("Java 2 Network Security" published by Prentice Hall), but that covered only J2SE. So we decided that a new book on J2EE was needed. We all have extensive experience with Java security. In fact, we have designed it in collaboration with Sun.
3. Does the book cover web Services security i.e. XML encryption, XML digital signatures etc
ANSWER: Yes.
4. Do you feel that there are shortcomings in J2EE security?
ANSWER: Not really. Of course, things will be improved in the future. But it is a very nice architecture.

Hope this helps,
Marco Pistoia


Marco Pistoia, Ph.D.<br /><a href="http://www.research.ibm.com/people/p/pistoia/" target="_blank" rel="nofollow">http://www.research.ibm.com/people/p/pistoia/</a>
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8903

3. Does the book cover web Services security i.e. XML encryption, XML digital signatures etc
ANSWER: Yes.

What do you feel about the future of Web Services security?
[ April 21, 2004: Message edited by: Pradeep Bhat ]
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8903

How does your book compare with J2EE Security by Pankaj Kumar? :roll:
Mcgill Smith
Ranch Hand

Joined: Nov 11, 2003
Posts: 178
How does your book compare with J2EE Security by Pankaj Kumar?

----------------------------------------------------------------------------
it has been answered here
[ April 21, 2004: Message edited by: Mcgill smith ]

Regards
Mcgill
Marco Pistoia
Author
Greenhorn

Joined: Apr 19, 2004
Posts: 27
Web Services security is still evolving. Security is essential for the future of Web Services. Two of the authors, Nataraj Nagaratnam and Anthony Nadalin, are members of the core group that is designing Web Services security. We understand that without security there cannot be future for such a technology. Therefore, we are convinced that security is already and is going to be more and more a key component of Web Services technology.
Thanks,
Marco
iyven koh
Ranch Hand

Joined: Jun 16, 2003
Posts: 66
Hi Marco,
What are the topics that you have covered for Web Service Security in the new book? As web service security is still evolving, we need a brief guide on that.
[ April 21, 2004: Message edited by: iyven koh ]
Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
I have post the link for the sample chapter of Web Services:
http://www.coderanch.com/t/133388/Security/WebServices-Security
You may interest in downloading it and read it.
Nick


SCJP 1.2, OCP 9i DBA, SCWCD 1.3, SCJP 1.4 (SAI), SCJD 1.4, SCWCD 1.4 (Beta), ICED (IBM 287, IBM 484, IBM 486), SCMAD 1.0 (Beta), SCBCD 1.3, ICSD (IBM 288), ICDBA (IBM 700, IBM 701), SCDJWS, ICSD (IBM 348), OCP 10g DBA (Beta), SCJP 5.0 (Beta), SCJA 1.0 (Beta), MCP(70-270), SCBCD 5.0 (Beta), SCJP 6.0, SCEA for JEE5 (in progress)
Marco Pistoia
Author
Greenhorn

Joined: Apr 19, 2004
Posts: 27
Nick,
The chapter whose link you have posted is not from my book. Looks good though
Iyven,
In the Web Services security chapter we covered the following topics: XML, SOAP, WSDL, XML and cryptography, WS-Security, Web Services security model principles, Web Services message security, WS-Policy, WS-Trust, WS-SecureConversation, WS-Privacy, WS-Federation, WS-Authorization, application patterns, Web Services provider security, user authentication, and authorization enforcement.
Thanks,
Marco
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: To authors
 
Similar Threads
A Question for JBoss at Work Authors
To authors :Web services security
J2EE 1.4: The Big Picture
Core Security patterns book for J2EE
* Welcome Frank Zammetti