SOA for Security Professionals Training

Overview >

This 2-day course will introduce you to the world of service orientation and prepare you to identify, define, diagnose, and implement a comprehensive security strategy for a Service Oriented Architecture (SOA) initiative. SOA opens up a whole realm of security issues due to its ubiquity, decentralization, distributed, and even federated nature. Students will be exposed to a broad range of service orientation topics and enterprise SOA security subjects, providing a solid foundational understanding of valid and in-valid approaches to designing and implementing SOA security.

Concepts in this course are re-enforced through a combination of group discussion, live demos and daily reviews.

Audience >

Skills Gained >

Prerequisites >

Outline >

Outline of SOA for Security Professionals Training 1. SOA Fundamentals

Objectives
SOA in Context
SOA Job Role Impact
Service Oriented Architecture
The SOA Umbrella
SOA and Business Process Management
BPM Value Add
SOA Governance
SOA Governance Model
What s a Service?
Example Services
Service Actors
SOA Motivation
SOA s Goal
The Value of Transitioning from Applications to Services
Is this a New Concept?
Service Orienting the Enterprise
Service Characteristics
About Services in SOA
Contract-driven software
Elements of a Service
What is a Web Service?
How Web Services Work
Web Service Standards
SOA Standards
SOA Capabilities
Service Oriented Thinking
Summary

2. Layers of Services

What is Layering?
SOA Layers
Common Layers
Auxiliary Layers
Digesting the Layers
The Application Service Layer
The Business Service Layer
The Orchestration Layer
Layering Rules of Thumb
SOA User Interface
Portal Site's Context Awareness
Web 2.0 Data Aggregation

3. SOA Value Proposition

The SOA Value Proposition
Reducing integration expense
Integration costs illustration
Ripple effect of changes
The value of SOA layering
SOA reduces integration costs
Increasing asset reuse
Asset reuse illustration
Increasing business agility
Business Agility Illustration
Traditional EAI Approach
Problems with Traditional EAI Approach
Change Flow Using Legacy Approach
SOA Agility
Build the Services
Build the Process
We Can Easily Change the Process
Reducing business risk
Risk reduction illustration
SOA Eases Compliance Risk
Other Advantages
Business Advantages
Hasn t this been said before?
ROI Quantification Hurdles
Real World SOA Example 1
Real World SOA Example 2
Real World SOA Example 3
Real World SOA Example 4

4. Overview of Service Registries

Services Registry
Why Do We Need a Service Registry?
Main Activities Done Using a Registry
Publish
Discovery
Dynamic Discovery
Management
Enforce Governance Lifecycle
SOA Registry Products

5. Enterprise Service Bus (ESB)

SOA and the ESB Pattern
Loose Coupling
Service Invocation
Business Process
Data Integration
Enterprise Service Bus (ESB)
Legacy System Integration
Unsupported Protocol
The Role of ESB in SOA
ESB: Software Artifacts
ESB - Software Artifacts
Business Process: Example
Minimum ESB Capabilities
Minimum ESB Capabilities: Integration
Minimum ESB Capabilities: Communication
Minimum ESB Capabilities: Service Interaction
Minimum ESB Capabilities: Management
Security and ESB

6. Information Management in SOA

Introduction
SOA and Enterprise Information Management
Operational Data Replication Basics
SOA and Data Basics
Data Publishing Event
Modeling Events
Handling Events in a BPEL Process
Data Mediation
Data Format
Generic Data Model
Example Generic Data Model
Mapping Data
Loading Data
Extract Transform Loading (ETL)
ETL and SOA
Data Federation

7. SOA Security Overview

Traditional systems
Loosely-coupled systems
Risks of loosely-coupled services
SOA Security Concerns
Security Stack: Web services
Security Stack: Other services
Discussion Question

8. Security Patterns

Service bus security
Service bus security layers
Application-managed security
Security as a service
Reverse Proxy
ESB Gateway

9. Security Layering

Security Layering
Policy-driven Security
PEP/PDP in Action
Loosely-coupled security layer
SES/SDS in Action
Layering and service granularity
Security Service Granularity
Process-centric Security

10. Applying Traditional Security to SOA

Public Key Infrastructure (PKI)
Digital Signature
Digital Signature Process
Certificates
Authentication
Basic HTTP Authentication
Secure Socket Layer (SSL)
Basic Authentication Over HTTPS
Securing non-HTTP Traffic

11. SOA Security Standards

WS-Security
XML Encryption & Signature
SAML
WS-Trust
WS-Trust Interoperability
WS-Federation
WS-SecureConversation
Web Services Policy Framework
WS-SecurityPolicy
Security Standards Review

12. Simple Object Access Protocol (SOAP)

SOAP Overview
SOAP in Protocol Stack
SOAP Components
SOAP HTTP Request Example
SOAP HTTP Response Example
Message Envelope
The Header Element
Header Attributes
SOAP Body
SOAP Fault
Communication Style
RPC/Encoded Style
RPC/Literal Style
Enabling RPC Styles
Document/Literal Style
Document/Literal Wrapped Style
Details of the Wrapped Style
Enabling Document Literal Style

13. SOA Security Standards

SOA Security Model
SOA Security Policies
Transport Level Security Policy
Message Level Security Policy
Data Level Security Policy
Overview of Web Services Security
Securing XML Data
XML Digital Signatures
XML Encryption
WS-Security Tokens
WS-Security Considerations
Putting it all together
Phase 1: The Service-side
Phase 1: Build a secure service
Phase 2: The Client
Phase 2: Build a secure client
Phase 3: Production
Audit Tracking
Identity Assertion Using SAML
SAML SOAP Example

14. SOA Security Threats and Countermeasures

The Price of Open Standards
Generic Vulnerabilities
XML-specific Attacks
Countermeasures

15. Governing SOA Security

Security Governance
Collecting Security Requirements
Policies and Contract Management
Policy and Contract Management
SOA Security Lifecycle
Governance Model Overview
Models for Governing Security

Appendix A. Glossary

Glossary

Appendix B. Introduction to Web Services

A Conceptual Look at Services
Defining Services
SOA Runtime Implementation
Enterprise Assets as Services
Typical Development Workflow
Advantages of Web Services
Web Service Business Models
Case Study: Internal System Integration
Case Study: Business Process Externalization
SOAP Structure
SOAP Message Architecture
Applying SOAP
WSDL Overview
WSDL Structure
Applying WSDL
UDDI Overview
UDDI Terminology
UDDI Structure
Locating a Service
Applying UDDI
WS-I Overview
WS-I Deliverables

Course Dates

Search by:

Show only GTR courses

Page 1, showing results 1-25 out of 109

Location

Duration

Start Date

Price

Toronto, Canada

2 Days

7th Aug 2023

$1800

Calgary, Canada

2 Days

7th Aug 2023

$1800

Vancouver, Canada

2 Days

7th Aug 2023

$1800

Montreal, Canada

2 Days

7th Aug 2023

$1800

Ottawa, Canada

2 Days

7th Aug 2023

$1800

LVC, New Zealand

2 Days

8th Aug 2023

$2500

LVC, United States

2 Days

8th Aug 2023

$1800

LVC, Australia

2 Days

8th Aug 2023

$2500

LVC, Australia

2 Days

8th Aug 2023

$2500

LVC, New Zealand

2 Days

8th Aug 2023

$2500

LVC, France

2 Days

8th Aug 2023

€1400

LVC, Germany

2 Days

8th Aug 2023

€1400

LVC, United Kingdom

2 Days

8th Aug 2023

£1200

LVC, United States

2 Days

8th Aug 2023

$1800

LVC, United States

2 Days

8th Aug 2023

$1800

LVC, Spain

2 Days

8th Aug 2023

€1400

LVC, Italy

2 Days

8th Aug 2023

€1400

LVC, Australia

2 Days

8th Aug 2023

$2500

Toronto, Canada

2 Days

17th Aug 2023

$1800

Calgary, Canada

2 Days

17th Aug 2023

$1800

Vancouver, Canada

2 Days

17th Aug 2023

$1800

Montreal, Canada

2 Days

17th Aug 2023

$1800

Ottawa, Canada

2 Days

17th Aug 2023

$1800

Auckland, New Zealand

2 Days

6th Sep 2023

$2500

Sydney, Australia

2 Days

6th Sep 2023

$2500

Page 2 →

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. Its a cost effective option. One on one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Course Dates

Thinking about Onsite?

Please Note: All courses are availaible as Live Virtual Classes

Our Clients