You are previewing Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management.
O'Reilly logo
Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management

Book Description

Praise for Core Security Patterns

Java provides the application developer with essential security mechanisms and support in avoiding critical security bugs common in other languages. A language, however, can only go so far. The developer must understand the security requirements of the application and how to use the features Java provides in order to meet those requirements. Core Security Patterns addresses both aspects of security and will be a guide to developers everywhere in creating more secure applications.

--Whitfield Diffie, inventor of Public-Key Cryptography

A comprehensive book on Security Patterns, which are critical for secure programming.

--Li Gong, former Chief Java Security Architect, Sun Microsystems, and coauthor of Inside Java 2 Platform Security

As developers of existing applications, or future innovators that will drive the next generation of highly distributed applications, the patterns and best practices outlined in this book will be an important asset to your development efforts.

--Joe Uniejewski, Chief Technology Officer and Senior Vice President, RSA Security, Inc.

This book makes an important case for taking a proactive approach to security rather than relying on the reactive security approach common in the software industry.

--Judy Lin, Executive Vice President, VeriSign, Inc.

Core Security Patterns provides a comprehensive patterns-driven approach and methodology for effectively incorporating security into your applications. I recommend that every application developer keep a copy of this indispensable security reference by their side.

--Bill Hamilton, author of ADO.NET Cookbook, ADO.NET in a Nutshell, and NUnit Pocket Reference

As a trusted advisor, this book will serve as a Java developers security handbook, providing applied patterns and design strategies for securing Java applications.

--Shaheen Nasirudheen, CISSP,Senior Technology Officer, JPMorgan Chase

Like Core J2EE Patterns, this book delivers a proactive and patterns-driven approach for designing end-to-end security in your applications. Leveraging the authors strong security experience, they created a must-have book for any designer/developer looking to create secure applications.

--John Crupi, Distinguished Engineer, Sun Microsystems, coauthor of Core J2EE Patterns

Core Security Patterns is the hands-on practitioners guide to building robust end-to-end security into J2EE™ enterprise applications, Web services, identity management, service provisioning, and personal identification solutions. Written by three leading Java security architects, the patterns-driven approach fully reflects todays best practices for security in large-scale, industrial-strength applications.

The authors explain the fundamentals of Java application security from the ground up, then introduce a powerful, structured security methodology; a vendor-independent security framework; a detailed assessment checklist; and twenty-three proven security architectural patterns. They walk through several realistic scenarios, covering architecture and implementation and presenting detailed sample code. They demonstrate how to apply cryptographic techniques; obfuscate code; establish secure communication; secure J2ME™ applications; authenticate and authorize users; and fortify Web services, enabling single sign-on, effective identity management, and personal identification using Smart Cards and Biometrics.

Core Security Patterns covers all of the following, and more:

  • What works and what doesnt: J2EE application-security best practices, and common pitfalls to avoid

  • Implementing key Java platform security features in real-world applications

  • Establishing Web Services security using XML Signature, XML Encryption, WS-Security, XKMS, and WS-I Basic security profile

  • Designing identity management and service provisioning systems using SAML, Liberty, XACML, and SPML

  • Designing secure personal identification solutions using Smart Cards and Biometrics

  • Security design methodology, patterns, best practices, reality checks, defensive strategies, and evaluation checklists

  • End-to-end security architecture case study: architecting, designing, and implementing an end-to-end security solution for large-scale applications



  • Table of Contents

    1. Copyright
      1. Dedication
    2. Praise for Core Security Patterns
    3. Prentice Hall Core Series
    4. Foreword
    5. Foreword
    6. Preface
      1. What This Book Is About
      2. What This Book Is Not
      3. Who Should Read This Book?
      4. How This Book Is Organized
        1. Part I: Introduction
          1. Chapter 1: Security by Default
          2. Chapter 2: Basics of Security
        2. Part II: Java Security Architecture and Technologies
          1. Chapter 3: The Java 2 Platform Security
          2. Chapter 4: Java Extensible Security Architecture and APIs
          3. Chapter 5: J2EE Security Architecture
        3. Part III: Web Services Security and Identity Management
          1. Chapter 6: Web Services Security–Standards and Technologies
          2. Chapter 7: Identity Management–Standards and Technologies
        4. Part IV: Security Design Methodology, Patterns, and Reality Checks
          1. Chapter 8: The Alchemy of Security Design–Security Methodology, Patterns, and Reality Checks
        5. Part V: Design Strategies and Best Practices
          1. Chapter 9: Securing the Web Tier–Design Strategies and Best Practices
          2. Chapter 10: Securing the Business Tier–Design Strategies and Best Practices
          3. Chapter 11: Securing Web Services–Design Strategies and Best Practices
          4. Chapter 12: Securing the Identity–Design Strategies and Best Practices
          5. Chapter 13: Secure Service Provisioning–Design Strategies and Best Practices
        6. Part VI: Putting It All Together
          1. Chapter 14: Building an End-to-End Security Architecture–Case Study
        7. Part VII: Personal Identification Using Smart Cards and Biometrics
          1. Chapter 15: Secure Personal Identification Using Smart Cards and Biometrics
      5. Companion Web Site
      6. Feedback
    7. Acknowledgments
      1. Chris Steel
      2. Ramesh Nagappan
      3. Ray Lai
    8. About the Authors
    9. I. Introduction
      1. 1. Security by Default
        1. Business Challenges Around Security
        2. What Are the Weakest Links?
          1. The Network Services
          2. The Host Operating System (OS)
          3. The Application or Service
        3. The Impact of Application Security
          1. Critical Application Security Flaws and Exploits
            1. Input Validation Failures
            2. Output Sanitation
            3. Buffer Overflow
            4. Data Injection Flaw
            5. Cross-Site Scripting (XSS)
            6. Improper Error Handling
            7. Insecure Data Transit or Storage
            8. Weak Session Identifiers
            9. Weak Security Tokens
            10. Weak Password Exploits
            11. Weak Encryption
            12. Session Theft
            13. Insecure Configuration Data
            14. Broken Authentication
            15. Broken Access Control
            16. Policy Failures
            17. Audit and Logging Failures
            18. Denial of Service (DOS) and Distributed DOS (DDOS)
            19. Man-in-the-Middle (MITM)
            20. Multiple Sign-On Issues
            21. Deployment Problems
            22. Coding Problems
        4. The Four W’s
          1. Which Applications Are We Protecting?
          2. Who Are We Protecting the Applications From?
          3. Where Should We Protect Them?
          4. Why Are We Protecting Them?
        5. Strategies for Building Robust Security
          1. Unified Process for Security Design
          2. Design Patterns
          3. Best Practices
          4. Reality Checks
          5. Proactive Assessment
          6. Profiling
          7. Defensive Strategies
          8. Recovery and Continuity Strategies
        6. Proactive and Reactive Security
        7. The Importance of Security Compliance
          1. Sarbanes-Oxley Act
          2. Gramm-Leach-Bliley Act
          3. HIPPA
          4. The Children’s Online Privacy Protection Act
          5. EU Directive on Data Protection
          6. California’s Notice of Security Breach (1798.29)
          7. Security Compliance in Other Countries
        8. The Importance of Identity Management
          1. Identity Provisioning Services
          2. Identity Data Synchronization Services
          3. Access Management Services
          4. Federation Services
          5. Directory Services
          6. Auditing and Reporting Services
        9. Secure Personal Identification
          1. Personal Identification and Authentication
          2. Smart Card Identity
            1. The Role of Smart Cards in Personal Identification
          3. Biometric Identity
            1. The Role of Biometric Identity in Secure Identification
          4. RFID-Based Identity
            1. The Role of RFID in Secure Identification
        10. The Importance of Java Technology
          1. Security in the Java Platform
        11. Making Security a “Business Enabler”
          1. Case 1–Justifying Identity and Access Management
          2. Case 2–Justifying Proactive Security Approaches
            1. Assumptions
          3. Case 3–Justifying Security Compliance
        12. Summary
        13. References
      2. 2. Basics of Security
        1. Security Requirements and Goals
          1. Confidentiality
          2. Integrity
          3. Authentication
          4. Authorization
          5. Non-Repudiation
        2. The Role of Cryptography in Security
          1. Cryptographic Algorithms
            1. One-Way Hash Function Algorithms
            2. Symmetric Ciphers
            3. Asymmetric Ciphers
            4. Digital Signature
            5. Digital Certificates
            6. The Role of CA in Issuing Certificates
            7. The Role of CA in Revocation of Certificates
            8. Using Certificate Revocation Lists (CRL)
            9. Using the Online Certificate Status Protocol (OCSP)
        3. The Role of Secure Sockets Layer (SSL)
          1. Transport Layer Security (TLS)
          2. Security Issues with SSL/TLS
        4. The Importance and Role of LDAP in Security
          1. The Role of LDAP in J2EE
        5. Common Challenges in Cryptography
          1. Random Number Generation
          2. Key Management
          3. Certificate Revocation Issues
          4. Trust Models
        6. Threat Modeling
        7. Identity Management
          1. Single Sign-on (SSO)
            1. SSO through a Portal
            2. Cross-Domain SSO
            3. How It Works
          2. Federated SSO
            1. Cross-Domain Federations
        8. Summary
        9. References
    10. II. Java Security Architecture and Technologies
      1. 3. The Java 2 Platform Security
        1. Java Security Architecture
          1. The Java Virtual Machine (JVM)
          2. The Java Language
          3. Java Built-in Security Model
            1. Java 2 Security Model
        2. Java Applet Security
          1. Signed Applets
        3. Java Web Start Security
          1. JWS Security Model
          2. JNLP Settings for Security
        4. Java Security Management Tools
          1. Java Keystore
          2. Keytool
            1. Smart Cards and Cryptographic Devices Based Keystores
          3. Policytool
          4. Jarsigner
            1. Signing a JAR file
            2. Verifying a Signed JAR
        5. J2ME Security Architecture
          1. J2ME Configurations
            1. CDC
            2. CLDC
          2. J2ME Profiles
            1. Understanding MIDP and MIDlets
          3. MIDlet Security
            1. Trusted MIDlets
            2. Signed MIDlet Suite
        6. Java Card Security Architecture
          1. Understanding Smart Cards
            1. Smart Card Components
          2. Java Card Technology in Smart Cards
            1. Java Card Runtime Environment and APIs
          3. Java Card Platform Security Model
          4. Java Card Applets
            1. Java Card Applet Development and Installation
            2. Java Card Applet Security
            3. Java Card Development Kit
        7. Securing the Java Code
          1. Reverse Engineering: Disassembling and Decompiling
          2. Code Obfuscation
        8. Summary
        9. References
      2. 4. Java Extensible Security Architecture and APIs
        1. Java Extensible Security Architecture
        2. Java Cryptography Architecture (JCA)
          1. JCA Cryptographic Services
            1. JCA Cryptographic Service Provider
            2. JCA Classes and Interfaces
              1. JCA Provider Classes
              2. JCA Engine Classes
          2. Understanding JCA API Programming Model
            1. Message Digests
              1. Computing a Message Digest Object
            2. Key Pair Generation
            3. Digital Signature Generation
        3. Java Cryptographic Extensions (JCE)
          1. JCE Cryptographic Service Provider
            1. JCE Classes and Interfaces
              1. JCE Provider classes
              2. JCE Engine classes
          2. Understanding the JCE API Programming Model
            1. Encryption and Decryption
              1. Using Block Ciphers
              2. Using Stream Ciphers
            2. Sealed Object
            3. Password-Based Encryption (PBE)
            4. Advanced Encryption Standard (AES)
            5. Computing Message Authentication Code (MAC) objects
            6. Using Key Agreement Protocols
          3. JCE Hardware Acceleration and Smart Card Support
            1. Installing PKCS#11
          4. Using Smart Cards as Java Key Stores
            1. Configuring a Smart card as a Java Keystore
            2. Using Keytool and Jarsigner with Smart Card Tokens
          5. Strong versus Unlimited Strength Cryptography
        4. Java Certification Path API (CertPath)
          1. Java CertPath–Classes and Interfaces
          2. Java CertPath API Programming Model
            1. Create a Certificate Chain Using CertPath
            2. Validate a Certificate Chain Using CertPath
        5. Java Secure Socket Extension (JSSE)
          1. JSSE Provider (SunJSSE)
          2. JSSE Classes and Interfaces
          3. Understanding the JSSE API Programming Model
            1. Secure Socket Connection Using SSL
              1. JSSE Client-side Communication
              2. JSSE Server-side Communication
            2. Mutual Authentication
            3. HTTP Over SSL (HTTPS) Using JSSE
              1. Setting Timeouts in a URLConnection
            4. Proxy Tunneling
            5. Host Name Verification Using JSSE
            6. SSLEngine and Non-Blocking I/O
              1. Using the SSLEngine
        6. Java Authentication and Authorization Service (JAAS)
          1. JAAS Classes and Interfaces
            1. Common Classes
            2. Authentication Classes
            3. Authorization Classes
          2. Understanding the JAAS API Programming Model
            1. JAAS Authentication
            2. Implementing a JAAS LoginModule
            3. Configuring JAAS LoginModule Providers
              1. Configuring JAAS LoginModule for an application
            4. Implementing JAAS Authentication in a Client
            5. JAAS Authorization
            6. Implementing JAAS Authorization
            7. Single Sign-On (SSO) Using the JAAS Shared State
        7. Java Generic Secure Services API (JGSS)
          1. Comparing JGSS with JSSE and JAAS
        8. Simple Authentication and Security Layer (SASL)
          1. Java SASL
            1. Java SASL–API Overview
            2. Installing Java SASL
              1. Client Mechanisms
              2. Server Mechanisms
        9. Summary
        10. References
      3. 5. J2EE Security Architecture
        1. J2EE Architecture and Its Logical Tiers
        2. J2EE Security Definitions
        3. J2EE Security Infrastructure
        4. J2EE Container-Based Security
          1. Declarative Security
          2. Programmatic Security
          3. J2EE Authentication
            1. Container-Based Authentication
              1. HTTP Basic Authentication
              2. Form-Based Authentication
              3. Client/Server Mutual Authentication
              4. HTTP Digest Authentication
            2. Application-Based Authentication
            3. Agent-Based Authentication
          4. Protection Domains
          5. J2EE Authorization
            1. Declarative Authorization
            2. Programmatic Authorization
          6. Java Authorization Contract for Client Containers (JACC)
          7. Transport Layer Security
        5. J2EE Component/Tier-Level Security
          1. Users, Groups, Roles, and Realms
          2. Web- or Presentation-Tier Security
            1. Web-Tier Authentication Mechanisms
              1. HTTP Basic Authentication
              2. Form-Based Authentication
              3. HTTP Basic or Form-Based Authentication over SSL (HTTPS)
              4. Client-Certificate or Mutual Authentication
              5. Digest Authentication
            2. Using JAAS for Web-Tier Authentication
            3. Single Sign-On Authentication for Web Applications
            4. Agent-based Authentication for Web-Tier Applications
            5. HTTP Session Tracking Using Cookies and URL Rewriting
              1. Creating and Assessing an HTTP Session
              2. Examining HTTP Session Properties
              3. Invalidating an HTTP Session
              4. HTTP Session Timeout
            6. Web-Tier Authorization Mechanisms
              1. Security Context and Access Control
              2. Declaring Security and Authorization Constraints
              3. Web-Tier Programmatic Authorization
        6. J2EE Client Security
          1. HTTPS Connection
            1. JAAS Client-Side Callbacks
          2. Secure J2ME Clients
        7. EJB Tier or Business Component Security
          1. EJB Declarative Authorization
          2. EJB Programmatic Authorization
          3. Anonymous or Unprotected EJB Resources
          4. Principal Delegation in EJBs
            1. Run-As
            2. Security Context Propagation from Web Tier to EJB Tier
        8. EIS Integration Tier–Overview
          1. Securing J2EE Connector and EIS
            1. Establishing a Secure EIS Connection
              1. Container-Managed Sign-On
              2. Component-Managed Sign-On
              3. EIS Sign-On Process
          2. Securing JMS
            1. JMS Provider Authentication
            2. Access Control for JMS Destinations
            3. JMS Transport Security
          3. Securing JDBC
        9. J2EE Architecture–Network Topology
          1. Designing for Security with Horizontal Scalability
          2. Designing for Security with Vertical Scalability
        10. J2EE Web Services Security–Overview
        11. Summary
        12. References
    11. III. Web Services Security and Identity Management
      1. 6. Web Services Security–Standards and Technologies
        1. Web Services Architecture and Its Building Blocks
          1. Web Services Operational Model
          2. Core Web Services Standards
            1. Extensible Markup Language (XML)
            2. Simple Object Access Protocol (SOAP)
            3. Web Services Definition Language (WSDL)
            4. Universal Description, Discovery, and Integration (UDDI)
          3. Web Services Communication Styles
            1. RPC Style Web Services
            2. Document Style Web Services
        2. Web Services Security–Core Issues
          1. Web Services–Threats, Vulnerabilities, and Risks
            1. Denial of Service (DoS) / XML Denial of Service (XML-DoS)
            2. Man-in-the-Middle
            3. Message Injection and Manipulation
            4. Session Hijacking and Theft
            5. Identity Spoofing
            6. Message Confidentiality
            7. Replay Attacks
            8. Message Validation Abuses
            9. XML Schema Tampering
            10. WSDL and UDDI Attacks
        3. Web Services Security Requirements
          1. Authentication
          2. Authorization and Entitlement
          3. Auditability and Traceability
          4. Data Integrity
          5. Data Confidentiality
          6. Non-repudiation
          7. Availability and Service Continuity
          8. Single Sign-on and Delegation
          9. Identity and Policy Management
          10. Security Interoperability
        4. Web Services Security Standards
        5. XML Signature
          1. Motivation of XML Signature
          2. The Anatomy of XML Signature
            1. Representing XML Signatures
            2. Representation of XML Signature Structure and Elements
            3. <Signature>
            4. <SignatureValue>
            5. <SignedInfo>
            6. <CanonicalizationMethod>
            7. <SignatureMethod>
            8. <Reference>
            9. <Transforms>
            10. <DigestMethod>
            11. <DigestValue>
            12. <KeyInfo>
            13. <Object>
            14. <Manifest>
            15. <SignatureProperties>
          3. Algorithms
            1. Signature Algorithms
            2. Canonicalization Algorithms
            3. Transform Algorithms
          4. XML Signature Examples
            1. Enveloped Signature
            2. Enveloping Signature
            3. Detached Signature
          5. Creating an XML Signature
          6. Verifying and Validating an XML Signature
        6. XML Encryption
          1. Motivation of XML Encryption
          2. The Anatomy of XML Encryption
            1. Structure of XML Encryption and Its Core Elements
            2. <EncryptedData>
            3. <EncryptionMethod>
            4. <ds:KeyInfo>
            5. <CipherData>
            6. <EncryptedKey>
            7. <EncryptionProperties>
          3. XML Encryption Algorithms
            1. Block Encryption
            2. Key Transport
            3. Key Agreement
            4. Symmetric Key Wrap
            5. Message Digest
            6. Message Authentication
            7. Canonicalization
          4. XML Encryption: Example Scenarios
            1. XML Encryption: Element Level
            2. XML Encryption: Element Content Level
            3. XML Encryption: Element Content (Character Data)
            4. XML Encryption: Arbitrary Content
            5. Super Encryption: Encrypting the Encrypted Data
        7. XML Key Management System (XKMS)
          1. Motivation of XKMS
          2. XKMS Specification Overview
          3. XML Key Information Services (X-KISS)
            1. X-KISS Locate Service
            2. X-KISS Validate Service
          4. XML Key Registration Service (X-KRSS)
            1. X-KRSS Key Registration Service
            2. X-KRSS Key Revocation Service
            3. X-KRSS Key Recovery Service
            4. X-KRSS Key Reissue Service
          5. X-BULK
        8. OASIS Web Services Security (WS-Security)
          1. Motivation of WS-Security
          2. WS-Security Definitions
          3. Using Digital Signatures in WS-Security
          4. Using Encryption in WS-Security
          5. Using Security Tokens in WS-Security
            1. The Role of SAML and REL in WS-Security
          6. WS-Security: The Anatomy of SOAP Message Security
            1. Message Structure and Its Core Elements
            2. Namespaces
            3. <wsse:Security>
            4. <wsse:UsernameToken>
            5. <wsse:BinarySecurityToken>
            6. <saml:Assertion> and <r:license>
            7. <wsse:SecurityTokenReference>
            8. <ds:Signature>
            9. <xenc:EncryptedData>
            10. <xenc:EncryptedKey>
            11. <wsu:TimeStamp>
        9. WS-I Basic Security Profile
        10. Java-Based Web Services Security Providers
          1. Sun JWSDP
            1. WS-Security in JWSDP
            2. J2EE 1.4
          2. Sun Java System Access Manager
          3. VeriSign TSIK and XKMS Services
            1. VeriSign XKMS Services
          4. RSA BSAFE Secure-WS
        11. XML-Aware Security Appliances
          1. XML Firewall
        12. Summary
        13. References
      2. 7. Identity Management Standards and Technologies
        1. Identity Management–Core Issues
        2. Understanding Network Identity and Federated Identity
          1. The Importance of Identity Management
        3. Introduction to SAML
          1. The Motivation of SAML
          2. The Role of SAML in SSO
          3. SAML 1.0
          4. SAML 1.1
          5. SAML 2.0
          6. SAML Profiles
        4. SAML Architecture
          1. SAML Assertions
          2. SAML Domain Model
          3. SAML Architecture
          4. Policy Enforcement Point
          5. Policy Administration Point
          6. SAML Request-Reply Model
          7. SAML Authentication Assertion
          8. SAML Attribute Assertion
          9. SAML Authorization Decision Assertion
          10. XML Signatures in SAML
        5. SAML Usage Scenarios
          1. Third-Party Authentication and Authorization
          2. Global Logout
          3. Security Threats and Countermeasures
            1. Denial of Service Attack
            2. Message Replay and Message Modification
            3. Man-in-the-Middle Attack
        6. The Role of SAML in J2EE-Based Applications and Web Services
        7. Introduction to Liberty Alliance and Their Objectives
          1. Liberty Phase 1
          2. Liberty Phase 2
        8. Liberty Alliance Architecture
          1. Relationships
          2. Web Redirection
          3. Web Services
          4. Meta-Data and Schemas
          5. Security Mechanisms
        9. Liberty Usage Scenarios
          1. Federation Management
            1. Identity Federation
            2. Identity De-federation
            3. Identity Registration and Termination
          2. Liberty Single Sign-on
            1. Identity Provider Session State Maintenance
            2. Multi-tiered Authentication
            3. Credentials
            4. Communication Security
          3. Federated Single Sign-on
          4. Global Logout
          5. Example–SAML and Liberty Using Sun Java System Access Manager
        10. The Nirvana of Access Control and Policy Management
          1. IETF Policy Management Working Group
          2. Distributed Management Task Force (DMTF)
          3. Parlay Group
          4. Enterprise Privacy Authorization Language (EPAL)
          5. Web Services Policy–WS-Policy and WSPL
        11. Introduction to XACML
          1. XACML 2.0
        12. XACML Data Flow and Architecture
          1. XACML Architecture
        13. XACML Usage Scenarios
          1. Policy Store
          2. Centralizing Security Policy for Web Services Security
          3. Collaborating with SAML
          4. ebXML Registry
          5. Example–XACML Using Sun’s XACML Kit
          6. Sample Scenario
          7. Sample Request
          8. Sample Policy
            1. Remark
          9. Use of XACML 2.0 with SAML 2.0
        14. Summary
        15. References
    12. IV. Security Design Methodology, Patterns, and Reality Checks
      1. 8. The Alchemy of Security Design–Methodology, Patterns, and Reality Checks
        1. The Rationale
          1. The Security Wheel
            1. The Hub
            2. The Spokes
            3. The Wheel Edge
        2. Secure UP
          1. Secure UP–Artifacts
          2. Risk Analysis (RA)
          3. Trade-Off Analysis (TOA)
        3. Security Patterns
          1. Understanding Existing Security Patterns
            1. Web Tier
            2. Business Tier
            3. Integration Tier
            4. Infrastructure and Quality of Services
        4. Security Patterns for J2EE, Web Services, Identity Management, and Service Provisioning
          1. Security Pattern Template
          2. Security Patterns Catalog
            1. Web Tier Security Patterns
            2. Business Tier Security Patterns
            3. Web Services Tier Security Patterns
            4. Security Patterns for Identity Management and Service Provisioning
          3. Security Patterns and their Relationships
            1. Applying Security Patterns
              1. Web Tier
              2. Business Tier
              3. Web Services Tier
              4. Identity Tier
          4. Patterns-Driven Security Design
          5. Security Design Processes
            1. Factor Analysis
              1. Infrastructure
              2. Web Tier
              3. Business Tier
              4. Web Services Tier
              5. Identity Tier
              6. Quality of Services
            2. Tier Analysis
            3. Threat Profiling
            4. Trust Model
          6. Policy Design
          7. Classification
            1. Security Labeling
          8. Application Security Assessment Model
        5. Reality Checks
        6. Security Testing
          1. Black Box Testing
          2. White Box Testing
        7. Adopting a Security Framework
          1. Application Security Provider
            1. Security Infrastructure Services
            2. Identity and Policy Management Services
        8. Refactoring Security Design
        9. Service Continuity and Recovery
        10. Conclusion
        11. References
          1. Unified Process
          2. Security Principles
          3. Security Patterns
          4. Others
    13. V. Design Strategies and Best Practices
      1. 9. Securing the Web Tier–Design Strategies and Best Practices
        1. Web-Tier Security Patterns
          1. Authentication Enforcer
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Container Authenticated Strategy
              2. Authentication Provider-Based Strategy
              3. JAAS Login Module Strategy
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
          2. Authorization Enforcer
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Authorization Provider Strategy
              2. Programmatic Authorization Strategy
              3. JAAS Authorization Strategy
            7. Consequences
            8. Security Factors and Risks
            9. Reality Check
            10. Related Patterns
          3. Intercepting Validator
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
            7. Consequences
            8. Security Factors and Risks
            9. Reality Check
            10. Related Patterns
          4. Secure Base Action
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. MVC Style Secure Base Action Strategy
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
          5. Secure Logger
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Secure Data Logger Strategy
              2. Secure Log Store Strategy
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
          6. Secure Pipe
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Web-Server-Based SSL
              2. Hardware-Based Cryptographic Card Strategy
              3. Network Appliance Strategy
              4. Application Layer Using JSSE Strategy
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
              1. Infrastructure
              2. Web Tier
            10. Reality Check
            11. Related Patterns
          7. Secure Service Proxy
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Single-Service Secure Service Proxy Strategy
              2. Multi-Service Controller Secure Service Proxy Strategy
            7. Sample Code
            8. Consequences
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
          8. Intercepting Web Agent
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. External Policy Server Strategy
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
        2. Best Practices and Pitfalls
          1. Infrastructure
          2. Communication
          3. Application
        3. References
      2. 10. Securing the Business Tier–Design Strategies and Best Practices
        1. Security Considerations in the Business Tier
        2. Business Tier Security Patterns
          1. Audit Interceptor
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Intercepting Session Façade Strategy
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
              1. Business Tier
              2. Distributed Security
            10. Reality Check
            11. Related Patterns
          2. Container Managed Security
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Web Tier Container Managed Security Strategy
              2. Service Tier Container Managed Security Strategy
              3. Container Manager Security in Conjunction with Programmatic Security
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
          3. Dynamic Service Management
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Model MBean Strategy
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
          4. Obfuscated Transfer Object
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Masked List Strategy
              2. Encryption Strategy
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
          5. Policy Delegate
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
          6. Secure Service Façade
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
          7. Secure Session Object
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Transfer Object Member Strategy
              2. Interceptor Strategy
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
        3. Best Practices and Pitfalls
          1. Infrastructure
          2. Architecture
          3. Policy
          4. Pitfalls
        4. References
      3. 11. Securing Web Services–Design Strategies and Best Practices
        1. Web Services Security Protocols Stack
          1. Network-Layer Security
          2. Transport-Layer Security
          3. Message-Layer Security
        2. Web Services Security Infrastructure
          1. Network Perimeter Security
          2. XML Firewall
          3. Web Services Infrastructure
          4. Identity Provider
          5. Directory Services
        3. Web Services Security Patterns
          1. Message Interceptor Gateway
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. XML-Aware Security Appliance (XML Firewall) Strategy
              2. Intercepting Web Agent Strategy
            7. Consequences
            8. Security Factors and Risks
            9. Reality Checks
            10. Related Patterns
          2. Message Inspector
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. XML-Aware Security Appliance Strategy
              2. Message-Handler Chain Strategy
              3. Identity Provider Agent Strategy
            7. Consequences
            8. Security Factors and Risks
            9. Reality Checks
            10. Related Patterns
          3. Secure Message Router
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. XML Messaging Provider Strategy
              2. Liberty SSO Strategy
            7. Consequences
            8. Security Factors and Risks
            9. Reality Checks
            10. Related Patterns
        4. Best Practices and Pitfalls
          1. Best Practices
            1. Web Services Infrastructure Security
            2. Communication and Message Security
            3. Testing and Deployment
          2. Pitfalls
        5. References
      4. 12. Securing the Identity–Design Strategies and Best Practices
        1. Identity Management Security Patterns
          1. Assertion Builder Pattern
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Protocol Binding Strategy
              2. Time Checking Strategy
              3. Audit Control Strategy
              4. Using Assertion Builder Pattern in Single Sign-on
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
          2. Single Sign-on (SSO) Delegator Pattern
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Using Single Sign-on Delegator and Assertion Builder Together
              2. Global Logout Strategy
              3. Identity Termination / Revocation Strategy
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
          3. Credential Tokenizer Pattern
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
              1. Service Provider Interface Approach
              2. Protocol Binding Strategy
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
            11. Related Patterns
        2. Best Practices and Pitfalls
          1. Best Practices
          2. Pitfalls
        3. References
      5. 13. Secure Service Provisioning–Design Strategies and Best Practices
        1. Business Challenges
          1. Scope of Service Provisioning
          2. Relationship with Identity Management
          3. A Typical Scenario of User Account Provisioning
          4. Current Approaches to User Account Provisioning
        2. User Account Provisioning Architecture
          1. Centralized Model versus Decentralized Model
          2. Logical Architecture
            1. Provisioning Components
            2. Provisioning Services
          3. Portal Integration
          4. Integrating with an Identity Provider Infrastructure
          5. Other Integration Capability
          6. Differentiators for Service Provisioning Products
            1. Technology Differentiators
        3. Introduction to SPML
          1. Service Provisioning Operations
          2. Features in SPML
          3. Adopting a SAML Implementation
        4. Service Provisioning Security Pattern
          1. Password Synchronizer Pattern
            1. Problem
            2. Forces
            3. Solution
            4. Structure
            5. Participants and Responsibilities
            6. Strategies
            7. Consequences
            8. Sample Code
            9. Security Factors and Risks
            10. Reality Check
          2. Related Patterns
        5. Best Practices and Pitfalls
          1. Application Design
          2. Quality of Service
          3. Server Sizing Consideration
          4. Security Risk Mitigation
        6. Summary
        7. References
          1. General
          2. Some Security Service Provisioning Vendors
          3. Some Password Management or Password Synchronization Vendor Products
    14. VI. Putting It All Together
      1. 14. Building End-to-End Security Architecture–A Case Study
        1. Overview
          1. Understanding the Security Challenges
          2. Assumptions
        2. Use Case Scenarios
          1. Choosing the Right Methodology
          2. Identifying the Requirements
          3. Identifying the Security Requirements
          4. System Constraints
          5. Security Use Cases
            1. Use Case Diagram
            2. Actors
            3. eRewards Portal–Logical View
          6. System Environment
        3. Application Architecture
          1. Technology Elements
          2. Security Prerequisites
          3. Conceptual Security Model
        4. Security Architecture
          1. Risk Analysis and Mitigation
          2. Trade-Off Analysis (TOA)
          3. Applying Security Patterns
            1. Other Security Patterns Used
          4. Security Architecture–Detailed Components
            1. Web Tier
            2. Business Tier
            3. Web Service Tier
        5. Design
          1. Policy Design
          2. Factor Analysis
            1. Infrastructure
            2. Web Tier
            3. Business Tier
            4. Web Services Tier
          3. Security Infrastructure
            1. Security Infrastructure–Detailed components
          4. Tier Analysis
            1. Web Tier
            2. Business Tier
            3. Web Services Tier
            4. Identity Tier
          5. Trust Model
          6. Threat Profiling
          7. Security Design
            1. Relating the Analyses to the Security Patterns
            2. Data Modeling and Objects
            3. Business Data Objects
            4. Data Class
            5. Service Design
            6. User Login Service
            7. Catalog Service
            8. Order Management Service
            9. Order Fulfillment Service
        6. Development
          1. Unit and Integration Testing
        7. Testing
          1. White Box Testing
          2. Black Box Testing
        8. Deployment
          1. Configuration
          2. Monitoring
          3. Auditing
        9. Summary
        10. Lessons Learned
        11. Pitfalls
        12. Conclusion
        13. References
    15. VII. Personal Identification Using Smart Cards and Biometrics
      1. 15. Secure Personal Identification Strategies Using Smart Cards and Biometrics
        1. Physical and Logical Access Control
          1. The Role of Smart Cards in Access Control
          2. The Role of Biometrics in Access Control
        2. Enabling Technologies
          1. Java Card API
          2. Global Platform
          3. PC/SC Framework
          4. OpenCard Framework (OCF)
          5. OpenSC
          6. BioAPI
          7. Pluggable Authentication Module (PAM)
          8. Graphical Identification and Authentication (GINA)
          9. Java Authentication and Authorization Service (JAAS)
        3. Smart Card-Based Identification and Authentication
          1. Architecture and Implementation Model
            1. Logical Architecture
              1. Smart Cards
              2. Smart Card Readers
              3. Smart Card Enrollment/Personalization System
              4. Smart Card Authentication Server
              5. Browser Plug-in (for Web Clients)
              6. JAAS LoginModule (for J2EE and Java Applications)
              7. J2EE-Compliant Application Server
              8. PAM Module (for UNIX Applications and Desktop Login)
              9. GINA Module (for Windows Environment)
          2. Operational Model
            1. Smart Card Enrollment and Termination
            2. Smart Card-Based Authentication
              1. Smart Card Authentication Using Challenge-Response Protocol
              2. Smart Card Authentication Using OCSP Responder
          3. Using Smart Cards for Physical Access Control
        4. Biometric Identification and Authentication
          1. Understanding the Biometric Verification Process
            1. Identification and Authentication
            2. Fingerprint Matching
          2. Accuracy of a Biometric Verification Process
            1. False Non-Match Rate (FNMR) or False Reject Rate (FRR)
            2. False Acceptance Rate (FAR) or False Match Rate (FMR)
            3. Failure to Enroll (FTE)
            4. Crossover Error Rate (CER) or Equal Error Rate (EER)
            5. Ability to Verify (ATV)
          3. Architecture and Implementation
            1. Logical Architecture
              1. Fingerprint Scanner
              2. Biometrics Enrollment and Authentication System
              3. Browser Plug-in (for Web Clients)
              4. PAM Module (for UNIX Applications and Desktop Login)
              5. GINA Module (for Windows Environment)
              6. J2EE-Compliant Application Server
              7. JAAS LoginModule (for J2EE and Java Applications)
          4. Operational Model
            1. Biometric Enrollment and Termination
            2. Biometric Authentication Process
          5. Biometric SSO Strategy
        5. Multi-factor Authentication Using Smart Cards and Biometrics
          1. Match-on-the-Card Biometrics Strategy
          2. Match-off-the-Card Biometrics Strategy
        6. Best Practices and Pitfalls
          1. Using Smart Cards
          2. Using Biometrics
          3. Pitfalls
        7. References